From: Todd C. Miller Date: Wed, 22 Oct 2014 19:23:05 +0000 (-0600) Subject: Add support for multiple Debug lines per program. Callers may X-Git-Tag: SUDO_1_8_12^2~146 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=866cfc4fc34c6cb2f1b646547df9d543fd90acfa;p=sudo Add support for multiple Debug lines per program. Callers may register arbitrary debug facilities or use built-in defaults. We now use separate Debug statements for plugins and programs. --- diff --git a/MANIFEST b/MANIFEST index c567d8873..9e67496e8 100644 --- a/MANIFEST +++ b/MANIFEST @@ -436,6 +436,7 @@ plugins/sudoers/sudoers.exp plugins/sudoers/sudoers.h plugins/sudoers/sudoers.in plugins/sudoers/sudoers2ldif +plugins/sudoers/sudoers_debug.c plugins/sudoers/sudoers_version.h plugins/sudoers/sudoreplay.c plugins/sudoers/testsudoers.c diff --git a/include/sudo_debug.h b/include/sudo_debug.h index 7d6327092..77b2aebbe 100644 --- a/include/sudo_debug.h +++ b/include/sudo_debug.h @@ -31,11 +31,12 @@ struct sudo_debug_file { struct sudo_conf_debug_file_list; /* - * The priority and subsystem are encoded in a single 32-bit value. - * The lower 4 bits are the priority and the top 26 bits are the subsystem. - * This allows for 16 priorities and a very large number of subsystems. - * Bit 5 is used as a flag to specify whether to log the errno value. - * Bit 6 specifies whether to log the function, file and line number data. + * The priority, instance and subsystem are encoded in a single 32-bit value. + * The first byte holds the priority and flags: + * nybble one is priority, nybble two is flags (errno or lineno). + * The second byte is for the instance index (way more than we need). + * The upper two bytes are the subsystem. + * This allows for 16 priorities, 3 flags, 256 instances, 65535 subsystems. */ /* @@ -52,63 +53,73 @@ struct sudo_conf_debug_file_list; #define SUDO_DEBUG_TRACE 7 /* log function enter/exit */ #define SUDO_DEBUG_DEBUG 8 /* very verbose debugging */ -/* - * Sudo debug subsystems. - * This includes subsystems in the sudoers plugin. - * Note: order must match sudo_debug_subsystems[] - */ -#define SUDO_DEBUG_MAIN ( 1<<6) /* sudo main() */ -#define SUDO_DEBUG_ARGS ( 2<<6) /* command line argument processing */ -#define SUDO_DEBUG_EXEC ( 3<<6) /* command execution */ -#define SUDO_DEBUG_PTY ( 4<<6) /* pseudo-tty */ -#define SUDO_DEBUG_UTMP ( 5<<6) /* utmp file ops */ -#define SUDO_DEBUG_CONV ( 6<<6) /* user conversation */ -#define SUDO_DEBUG_PCOMM ( 7<<6) /* plugin communications */ -#define SUDO_DEBUG_UTIL ( 8<<6) /* utility functions */ -#define SUDO_DEBUG_NETIF ( 9<<6) /* network interface functions */ -#define SUDO_DEBUG_AUDIT (10<<6) /* audit */ -#define SUDO_DEBUG_EDIT (11<<6) /* sudoedit */ -#define SUDO_DEBUG_SELINUX (12<<6) /* selinux */ -#define SUDO_DEBUG_LDAP (13<<6) /* sudoers LDAP */ -#define SUDO_DEBUG_MATCH (14<<6) /* sudoers matching */ -#define SUDO_DEBUG_PARSER (15<<6) /* sudoers parser */ -#define SUDO_DEBUG_ALIAS (16<<6) /* sudoers alias functions */ -#define SUDO_DEBUG_DEFAULTS (17<<6) /* sudoers defaults settings */ -#define SUDO_DEBUG_AUTH (18<<6) /* authentication functions */ -#define SUDO_DEBUG_ENV (19<<6) /* environment handling */ -#define SUDO_DEBUG_LOGGING (20<<6) /* logging functions */ -#define SUDO_DEBUG_NSS (21<<6) /* network service switch */ -#define SUDO_DEBUG_RBTREE (22<<6) /* red-black tree functions */ -#define SUDO_DEBUG_PERMS (23<<6) /* uid/gid swapping functions */ -#define SUDO_DEBUG_PLUGIN (24<<6) /* main plugin functions */ -#define SUDO_DEBUG_HOOKS (25<<6) /* hook functions */ -#define SUDO_DEBUG_SSSD (26<<6) /* sudoers SSSD */ -#define SUDO_DEBUG_EVENT (27<<6) /* event handling */ -#define SUDO_DEBUG_ALL 0xfff0 /* all subsystems */ - /* Flag to include string version of errno in debug info. */ #define SUDO_DEBUG_ERRNO (1<<4) /* Flag to include function, file and line number in debug info. */ #define SUDO_DEBUG_LINENO (1<<5) -/* Extract priority and convert to an index. */ -#define SUDO_DEBUG_PRI(n) (((n) & 0xf) - 1) - -/* Extract subsystem and convert to an index. */ -#define SUDO_DEBUG_SUBSYS(n) (((n) >> 6) - 1) +/* + * Sudo debug subsystems. + * This includes subsystems in the sudoers plugin. + * Note: order must match sudo_debug_subsystems[] + */ +#define SUDO_DEBUG_MAIN ( 1<<16) /* sudo main() */ +#define SUDO_DEBUG_ARGS ( 2<<16) /* command line argument processing */ +#define SUDO_DEBUG_EXEC ( 3<<16) /* command execution */ +#define SUDO_DEBUG_PTY ( 4<<16) /* pseudo-tty */ +#define SUDO_DEBUG_UTMP ( 5<<16) /* utmp file ops */ +#define SUDO_DEBUG_CONV ( 6<<16) /* user conversation */ +#define SUDO_DEBUG_PCOMM ( 7<<16) /* plugin communications */ +#define SUDO_DEBUG_UTIL ( 8<<16) /* utility functions */ +#define SUDO_DEBUG_NETIF ( 9<<16) /* network interface functions */ +#define SUDO_DEBUG_AUDIT (10<<16) /* audit */ +#define SUDO_DEBUG_EDIT (11<<16) /* sudoedit */ +#define SUDO_DEBUG_SELINUX (12<<16) /* selinux */ +#define SUDO_DEBUG_LDAP (13<<16) /* sudoers LDAP */ +#define SUDO_DEBUG_MATCH (14<<16) /* sudoers matching */ +#define SUDO_DEBUG_PARSER (15<<16) /* sudoers parser */ +#define SUDO_DEBUG_ALIAS (16<<16) /* sudoers alias functions */ +#define SUDO_DEBUG_DEFAULTS (17<<16) /* sudoers defaults settings */ +#define SUDO_DEBUG_AUTH (18<<16) /* authentication functions */ +#define SUDO_DEBUG_ENV (19<<16) /* environment handling */ +#define SUDO_DEBUG_LOGGING (20<<16) /* logging functions */ +#define SUDO_DEBUG_NSS (21<<16) /* network service switch */ +#define SUDO_DEBUG_RBTREE (22<<16) /* red-black tree functions */ +#define SUDO_DEBUG_PERMS (23<<16) /* uid/gid swapping functions */ +#define SUDO_DEBUG_PLUGIN (24<<16) /* main plugin functions */ +#define SUDO_DEBUG_HOOKS (25<<16) /* hook functions */ +#define SUDO_DEBUG_SSSD (26<<16) /* sudoers SSSD */ +#define SUDO_DEBUG_EVENT (27<<16) /* event handling */ +#define SUDO_DEBUG_ALL 0xffff0000 /* all subsystems */ + +/* Initializer for instance index to indicate that debugging is not setup. */ +#define SUDO_DEBUG_INSTANCE_INITIALIZER SUDO_DEBUG_MKINSTANCE(-1) + +/* The 'default' instance logs to the currently selected debug instance. */ +#define SUDO_DEBUG_INSTANCE_DEFAULT SUDO_DEBUG_MKINSTANCE(-2) + +/* Extract priority number and convert to an index. */ +#define SUDO_DEBUG_PRI(n) (((n) & 0x0f) - 1) + +/* Extract instance number and convert to an index. */ +#define SUDO_DEBUG_INSTANCE(n) ((((n) & 0xff00) >> 8) - 2) +#define SUDO_DEBUG_MKINSTANCE(n) (((n) + 2) << 8) + +/* Extract subsystem number and convert to an index. */ +#define SUDO_DEBUG_SUBSYS(n) (((n) >> 16) - 1) /* * Wrapper for sudo_debug_enter() that declares __func__ as needed * and sets sudo_debug_subsys for sudo_debug_exit(). */ #ifdef HAVE___FUNC__ -# define debug_decl(funcname, subsys) \ - const int sudo_debug_subsys = (subsys); \ +# define debug_decl(funcname, subsys, instance) \ + const int sudo_debug_subsys = (subsys)|(instance); \ sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); #else -# define debug_decl(funcname, subsys) \ - const int sudo_debug_subsys = (subsys); \ +# define debug_decl(funcname, subsys, instance) \ + const int sudo_debug_subsys = (subsys)|(instance); \ const char __func__[] = #funcname; \ sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); #endif @@ -213,26 +224,30 @@ struct sudo_conf_debug_file_list; #define sudo_debug_execve(pri, path, argv, envp) \ sudo_debug_execve2((pri)|sudo_debug_subsys, (path), (argv), (envp)) -#define sudo_debug_write(str, len, errnum) \ - sudo_debug_write2(NULL, NULL, 0, (str), (len), (errnum)) +#define sudo_debug_write(fd, str, len, errnum) \ + sudo_debug_write2(fd, NULL, NULL, 0, (str), (len), (errnum)) +__dso_public int sudo_debug_deregister(int instance_id); __dso_public void sudo_debug_enter(const char *func, const char *file, int line, int subsys); __dso_public void sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[]); __dso_public void sudo_debug_exit(const char *func, const char *file, int line, int subsys); +__dso_public void sudo_debug_exit_bool(const char *func, const char *file, int line, int subsys, int rval); __dso_public void sudo_debug_exit_int(const char *func, const char *file, int line, int subsys, int rval); __dso_public void sudo_debug_exit_long(const char *func, const char *file, int line, int subsys, long rval); +__dso_public void sudo_debug_exit_ptr(const char *func, const char *file, int line, int subsys, const void *rval); __dso_public void sudo_debug_exit_size_t(const char *func, const char *file, int line, int subsys, size_t rval); -__dso_public void sudo_debug_exit_bool(const char *func, const char *file, int line, int subsys, int rval); __dso_public void sudo_debug_exit_str(const char *func, const char *file, int line, int subsys, const char *rval); __dso_public void sudo_debug_exit_str_masked(const char *func, const char *file, int line, int subsys, const char *rval); -__dso_public void sudo_debug_exit_ptr(const char *func, const char *file, int line, int subsys, const void *rval); -__dso_public int sudo_debug_fd_get(void); -__dso_public int sudo_debug_fd_set(int fd); -__dso_public int sudo_debug_init(const char *debugfile, const char *settings); -__dso_public void sudo_debug_printf_nvm(int pri, const char *fmt, ...) __printf0like(2, 3); +__dso_public pid_t sudo_debug_fork(void); +__dso_public int sudo_debug_get_default_instance(void); +__dso_public int sudo_debug_get_fds(fd_set **fdsetp); +__dso_public int sudo_debug_get_instance(const char *program); __dso_public void sudo_debug_printf2(const char *func, const char *file, int line, int level, const char *fmt, ...) __printf0like(5, 6); +__dso_public void sudo_debug_printf_nvm(int pri, const char *fmt, ...) __printf0like(2, 3); +__dso_public int sudo_debug_register(const char *program, const char *const subsystems[], int num_subsystems, struct sudo_conf_debug_file_list *debug_files); +__dso_public int sudo_debug_set_default_instance(int inst); +__dso_public void sudo_debug_update_fd(int ofd, int nfd); __dso_public void sudo_debug_vprintf2(const char *func, const char *file, int line, int level, const char *fmt, va_list ap) __printf0like(5, 0); -__dso_public void sudo_debug_write2(const char *func, const char *file, int line, const char *str, int len, int errno_val); -__dso_public pid_t sudo_debug_fork(void); +__dso_public void sudo_debug_write2(int fd, const char *func, const char *file, int line, const char *str, int len, int errnum); #endif /* _SUDO_DEBUG_H */ diff --git a/lib/util/aix.c b/lib/util/aix.c index 0ce9a7068..2d274f060 100644 --- a/lib/util/aix.c +++ b/lib/util/aix.c @@ -73,7 +73,7 @@ static struct aix_limit aix_limits[] = { static int aix_getlimit(char *user, char *lim, int *valp) { - debug_decl(aix_getlimit, SUDO_DEBUG_UTIL) + debug_decl(aix_getlimit, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (getuserattr(user, lim, valp, SEC_INT) != 0) debug_return_int(-1); @@ -86,7 +86,7 @@ aix_setlimits(char *user) struct rlimit64 rlim; int val; size_t n; - debug_decl(aix_setlimits, SUDO_DEBUG_UTIL) + debug_decl(aix_setlimits, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (setuserdb(S_READ) != 0) { sudo_warn(U_("unable to open userdb")); @@ -144,7 +144,7 @@ int aix_setauthdb_v1(char *user) { char *registry; - debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL) + debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (user != NULL) { if (setuserdb(S_READ) != 0) { @@ -169,7 +169,7 @@ aix_setauthdb_v1(char *user) int aix_restoreauthdb_v1(void) { - debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL) + debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (setauthdb(NULL, NULL) != 0) { sudo_warn(U_("unable to restore registry")); @@ -184,7 +184,7 @@ aix_prep_user_v1(char *user, const char *tty) { char *info; int len; - debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL) + debug_decl(aix_setauthdb, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) /* set usrinfo, like login(1) does */ len = sudo_easprintf(&info, "NAME=%s%cLOGIN=%s%cLOGNAME=%s%cTTY=%s%c", diff --git a/lib/util/event.c b/lib/util/event.c index 61744f87a..2cfb29452 100644 --- a/lib/util/event.c +++ b/lib/util/event.c @@ -88,7 +88,7 @@ struct sudo_event_base * sudo_ev_base_alloc_v1(void) { struct sudo_event_base *base; - debug_decl(sudo_ev_base_alloc, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_alloc, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) base = sudo_ecalloc(1, sizeof(*base)); TAILQ_INIT(&base->events); @@ -105,7 +105,7 @@ void sudo_ev_base_free_v1(struct sudo_event_base *base) { struct sudo_event *ev, *next; - debug_decl(sudo_ev_base_free, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_free, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* Remove any existing events before freeing the base. */ TAILQ_FOREACH_SAFE(ev, &base->events, entries, next) { @@ -121,7 +121,7 @@ struct sudo_event * sudo_ev_alloc_v1(int fd, short events, sudo_ev_callback_t callback, void *closure) { struct sudo_event *ev; - debug_decl(sudo_ev_alloc, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_alloc, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* XXX - sanity check events value */ @@ -138,7 +138,7 @@ sudo_ev_alloc_v1(int fd, short events, sudo_ev_callback_t callback, void *closur void sudo_ev_free_v1(struct sudo_event *ev) { - debug_decl(sudo_ev_free, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_free, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* Make sure ev is not in use before freeing it. */ if (ISSET(ev->flags, SUDO_EVQ_INSERTED)) @@ -151,7 +151,7 @@ int sudo_ev_add_v1(struct sudo_event_base *base, struct sudo_event *ev, struct timeval *timo, bool tohead) { - debug_decl(sudo_ev_add, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_add, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* If no base specified, use existing one. */ if (base == NULL) { @@ -216,7 +216,7 @@ sudo_ev_add_v1(struct sudo_event_base *base, struct sudo_event *ev, int sudo_ev_del_v1(struct sudo_event_base *base, struct sudo_event *ev) { - debug_decl(sudo_ev_del, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_del, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* Make sure event is really in the queue. */ if (!ISSET(ev->flags, SUDO_EVQ_INSERTED)) { @@ -276,7 +276,7 @@ sudo_ev_loop_v1(struct sudo_event_base *base, int flags) struct timeval now; struct sudo_event *ev; int nready, rc = 0; - debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* * If sudo_ev_loopexit() was called when events were not running @@ -372,7 +372,7 @@ done: void sudo_ev_loopexit_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_loopexit, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loopexit, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* SUDO_EVBASE_LOOPBREAK trumps SUDO_EVBASE_LOOPEXIT */ if (!ISSET(base->flags, SUDO_EVBASE_LOOPBREAK)) { /* SUDO_EVBASE_LOOPEXIT trumps SUDO_EVBASE_LOOPCONT */ @@ -385,7 +385,7 @@ sudo_ev_loopexit_v1(struct sudo_event_base *base) void sudo_ev_loopbreak_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_loopbreak, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loopbreak, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* SUDO_EVBASE_LOOPBREAK trumps SUDO_EVBASE_LOOP{CONT,EXIT,ONCE}. */ CLR(base->flags, (SUDO_EVBASE_LOOPCONT|SUDO_EVBASE_LOOPEXIT|SUDO_EVBASE_LOOPONCE)); SET(base->flags, SUDO_EVBASE_LOOPBREAK); @@ -395,7 +395,7 @@ sudo_ev_loopbreak_v1(struct sudo_event_base *base) void sudo_ev_loopcontinue_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_loopcontinue, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loopcontinue, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* SUDO_EVBASE_LOOP{BREAK,EXIT} trumps SUDO_EVBASE_LOOPCONT */ if (!ISSET(base->flags, SUDO_EVBASE_LOOPONCE|SUDO_EVBASE_LOOPBREAK)) { SET(base->flags, SUDO_EVBASE_LOOPCONT); @@ -406,14 +406,14 @@ sudo_ev_loopcontinue_v1(struct sudo_event_base *base) bool sudo_ev_got_exit_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_got_exit, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_got_exit, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) debug_return_bool(ISSET(base->flags, SUDO_EVBASE_GOT_EXIT)); } bool sudo_ev_got_break_v1(struct sudo_event_base *base) { - debug_decl(sudo_ev_got_break, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_got_break, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) debug_return_bool(ISSET(base->flags, SUDO_EVBASE_GOT_BREAK)); } @@ -421,7 +421,7 @@ int sudo_ev_get_timeleft_v1(struct sudo_event *ev, struct timeval *tv) { struct timeval now; - debug_decl(sudo_ev_get_timeleft, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_get_timeleft, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) if (!ISSET(ev->flags, SUDO_EVQ_TIMEOUTS)) { sudo_timevalclear(tv); diff --git a/lib/util/event_poll.c b/lib/util/event_poll.c index a7f047edd..3346105ca 100644 --- a/lib/util/event_poll.c +++ b/lib/util/event_poll.c @@ -56,7 +56,7 @@ int sudo_ev_base_alloc_impl(struct sudo_event_base *base) { int i; - debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) base->pfd_high = -1; base->pfd_max = 32; @@ -71,7 +71,7 @@ sudo_ev_base_alloc_impl(struct sudo_event_base *base) void sudo_ev_base_free_impl(struct sudo_event_base *base) { - debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) sudo_efree(base->pfds); debug_return; } @@ -80,7 +80,7 @@ int sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev) { struct pollfd *pfd; - debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* If out of space in pfds array, realloc. */ if (base->pfd_free == base->pfd_max) { @@ -119,7 +119,7 @@ sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev) int sudo_ev_del_impl(struct sudo_event_base *base, struct sudo_event *ev) { - debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* Mark pfd entry unused, add to free list and adjust high slot. */ base->pfds[ev->pfd_idx].fd = -1; @@ -137,7 +137,7 @@ sudo_ev_scan_impl(struct sudo_event_base *base, int flags) struct sudo_event *ev; int nready, timeout; struct timeval now; - debug_decl(sudo_ev_scan_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_scan_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) if ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) { struct timeval *timo = &ev->timeout; diff --git a/lib/util/event_select.c b/lib/util/event_select.c index 30c9301c1..926bcfce5 100644 --- a/lib/util/event_select.c +++ b/lib/util/event_select.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013 Todd C. Miller + * Copyright (c) 2013-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -61,7 +61,7 @@ int sudo_ev_base_alloc_impl(struct sudo_event_base *base) { - debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_alloc_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) base->maxfd = NFDBITS - 1; base->readfds_in = sudo_ecalloc(1, sizeof(fd_mask)); @@ -75,7 +75,7 @@ sudo_ev_base_alloc_impl(struct sudo_event_base *base) void sudo_ev_base_free_impl(struct sudo_event_base *base) { - debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_base_free_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) sudo_efree(base->readfds_in); sudo_efree(base->writefds_in); sudo_efree(base->readfds_out); @@ -86,7 +86,7 @@ sudo_ev_base_free_impl(struct sudo_event_base *base) int sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev) { - debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_add_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* If out of space in fd sets, realloc. */ if (ev->fd > base->maxfd) { @@ -119,7 +119,7 @@ sudo_ev_add_impl(struct sudo_event_base *base, struct sudo_event *ev) int sudo_ev_del_impl(struct sudo_event_base *base, struct sudo_event *ev) { - debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_del_impl, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) /* Remove from readfds and writefds and adjust high fd. */ if (ISSET(ev->events, SUDO_EV_READ)) { @@ -152,7 +152,7 @@ sudo_ev_scan_impl(struct sudo_event_base *base, int flags) struct sudo_event *ev; size_t setsize; int nready; - debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT) + debug_decl(sudo_ev_loop, SUDO_DEBUG_EVENT, SUDO_DEBUG_INSTANCE_DEFAULT) if ((ev = TAILQ_FIRST(&base->timeouts)) != NULL) { gettimeofday(&now, NULL); diff --git a/lib/util/gidlist.c b/lib/util/gidlist.c index adb1c4097..db9901710 100644 --- a/lib/util/gidlist.c +++ b/lib/util/gidlist.c @@ -52,7 +52,7 @@ sudo_parse_gids_v1(const char *gidstr, const gid_t *basegid, GETGROUPS_T **gidsp const char *cp = gidstr; const char *errstr; char *ep; - debug_decl(sudo_parse_gids, SUDO_DEBUG_UTIL) + debug_decl(sudo_parse_gids, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) /* Count groups. */ if (*cp != '\0') { diff --git a/lib/util/key_val.c b/lib/util/key_val.c index cb421a706..dd2211d5b 100644 --- a/lib/util/key_val.c +++ b/lib/util/key_val.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2012 Todd C. Miller + * Copyright (c) 2010-2012, 2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -51,7 +51,7 @@ sudo_new_key_val_v1(const char *key, const char *val) size_t key_len = strlen(key); size_t val_len = strlen(val); char *cp, *str; - debug_decl(sudo_new_key_val, SUDO_DEBUG_UTIL) + debug_decl(sudo_new_key_val, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) cp = str = malloc(key_len + 1 + val_len + 1); if (str != NULL) { diff --git a/lib/util/lbuf.c b/lib/util/lbuf.c index 58ef06376..8fdbdb425 100644 --- a/lib/util/lbuf.c +++ b/lib/util/lbuf.c @@ -51,7 +51,7 @@ void sudo_lbuf_init_v1(struct sudo_lbuf *lbuf, sudo_lbuf_output_t output, int indent, const char *continuation, int cols) { - debug_decl(sudo_lbuf_init, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_init, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) lbuf->output = output; lbuf->continuation = continuation; @@ -67,7 +67,7 @@ sudo_lbuf_init_v1(struct sudo_lbuf *lbuf, sudo_lbuf_output_t output, void sudo_lbuf_destroy_v1(struct sudo_lbuf *lbuf) { - debug_decl(sudo_lbuf_destroy, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_destroy, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) sudo_efree(lbuf->buf); lbuf->buf = NULL; @@ -96,7 +96,7 @@ sudo_lbuf_append_quoted_v1(struct sudo_lbuf *lbuf, const char *set, const char * va_list ap; int len; char *cp, *s; - debug_decl(sudo_lbuf_append_quoted, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_append_quoted, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) va_start(ap, fmt); while (*fmt != '\0') { @@ -143,7 +143,7 @@ sudo_lbuf_append_v1(struct sudo_lbuf *lbuf, const char *fmt, ...) va_list ap; int len; char *s; - debug_decl(sudo_lbuf_append, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_append, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) va_start(ap, fmt); while (*fmt != '\0') { @@ -173,7 +173,7 @@ sudo_lbuf_println(struct sudo_lbuf *lbuf, char *line, int len) { char *cp, save; int i, have, contlen; - debug_decl(sudo_lbuf_println, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_println, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) contlen = lbuf->continuation ? strlen(lbuf->continuation) : 0; @@ -235,7 +235,7 @@ sudo_lbuf_print_v1(struct sudo_lbuf *lbuf) { char *cp, *ep; int len; - debug_decl(sudo_lbuf_print, SUDO_DEBUG_UTIL) + debug_decl(sudo_lbuf_print, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (lbuf->buf == NULL || lbuf->len == 0) goto done; diff --git a/lib/util/locking.c b/lib/util/locking.c index 587565f3b..e4ada8ece 100644 --- a/lib/util/locking.c +++ b/lib/util/locking.c @@ -68,7 +68,7 @@ bool sudo_lock_file_v1(int fd, int lockit) { int op = 0; - debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL) + debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) switch (lockit) { case SUDO_LOCK: @@ -88,7 +88,7 @@ bool sudo_lock_file_v1(int fd, int lockit) { int op = 0; - debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL) + debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) switch (lockit) { case SUDO_LOCK: @@ -110,7 +110,7 @@ sudo_lock_file_v1(int fd, int lockit) #ifdef F_SETLK int func; struct flock lock; - debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL) + debug_decl(sudo_lock_file, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) lock.l_start = 0; lock.l_len = 0; diff --git a/lib/util/parseln.c b/lib/util/parseln.c index ca671eeeb..c588ad406 100644 --- a/lib/util/parseln.c +++ b/lib/util/parseln.c @@ -67,7 +67,7 @@ sudo_parseln_v1(char **bufp, size_t *bufsizep, unsigned int *lineno, FILE *fp) ssize_t len; char *cp, *line = NULL; bool continued; - debug_decl(sudo_parseln, SUDO_DEBUG_UTIL) + debug_decl(sudo_parseln, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) do { continued = false; diff --git a/lib/util/secure_path.c b/lib/util/secure_path.c index 280252d61..fceae2960 100644 --- a/lib/util/secure_path.c +++ b/lib/util/secure_path.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012 Todd C. Miller + * Copyright (c) 2012, 2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -42,7 +42,7 @@ sudo_secure_path(const char *path, unsigned int type, uid_t uid, gid_t gid, stru { struct stat sb; int rval = SUDO_PATH_MISSING; - debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL) + debug_decl(sudo_secure_path, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (path != NULL && stat(path, &sb) == 0) { if ((sb.st_mode & _S_IFMT) != type) { diff --git a/lib/util/setgroups.c b/lib/util/setgroups.c index 7a541732b..f41430090 100644 --- a/lib/util/setgroups.c +++ b/lib/util/setgroups.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2012 Todd C. Miller + * Copyright (c) 2011-2012, 2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -43,7 +43,7 @@ int sudo_setgroups_v1(int ngids, const GETGROUPS_T *gids) { int maxgids, rval; - debug_decl(sudo_setgroups, SUDO_DEBUG_UTIL) + debug_decl(sudo_setgroups, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) rval = setgroups(ngids, (GETGROUPS_T *)gids); if (rval == -1 && errno == EINVAL) { diff --git a/lib/util/strtobool.c b/lib/util/strtobool.c index 2be6e4833..3bbd57ae2 100644 --- a/lib/util/strtobool.c +++ b/lib/util/strtobool.c @@ -44,7 +44,7 @@ int sudo_strtobool_v1(const char *str) { - debug_decl(sudo_strtobool, SUDO_DEBUG_UTIL) + debug_decl(sudo_strtobool, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) switch (*str) { case '0': diff --git a/lib/util/strtoid.c b/lib/util/strtoid.c index 55adfb9f6..7a6e3c141 100644 --- a/lib/util/strtoid.c +++ b/lib/util/strtoid.c @@ -61,7 +61,7 @@ sudo_strtoid_v1(const char *p, const char *sep, char **endp, const char **errstr char *ep; id_t rval = 0; bool valid = false; - debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL) + debug_decl(sudo_strtoid, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) /* skip leading space so we can pick up the sign, if any */ while (isspace((unsigned char)*p)) diff --git a/lib/util/strtomode.c b/lib/util/strtomode.c index 18a435b00..b35b22c4e 100644 --- a/lib/util/strtomode.c +++ b/lib/util/strtomode.c @@ -46,7 +46,7 @@ sudo_strtomode_v1(const char *cp, const char **errstr) { char *ep; long lval; - debug_decl(sudo_strtomode, SUDO_DEBUG_UTIL) + debug_decl(sudo_strtomode, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) errno = 0; lval = strtol(cp, &ep, 8); diff --git a/lib/util/sudo_conf.c b/lib/util/sudo_conf.c index edb72b15c..8e08eb8f8 100644 --- a/lib/util/sudo_conf.c +++ b/lib/util/sudo_conf.c @@ -338,17 +338,24 @@ set_debugging(const char *conf_file) struct plugin_info *plugin_info; const char *progname; size_t prognamelen; - debug_decl(main, SUDO_DEBUG_UTIL) + int instance; + debug_decl(main, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) progname = getprogname(); prognamelen = strlen(progname); if (prognamelen > 4 && strcmp(progname + 4, "edit") == 0) prognamelen -= 4; TAILQ_FOREACH(debug_spec, &sudo_conf_data.debugging, entries) { - /* XXX - only uses last matching Debug entry */ if (strncmp(debug_spec->progname, progname, prognamelen) == 0 && debug_spec->progname[prognamelen] == '\0') { - sudo_debug_init(TAILQ_LAST(&debug_spec->debug_files, sudo_conf_debug_file_list)->debug_file, TAILQ_LAST(&debug_spec->debug_files, sudo_conf_debug_file_list)->debug_flags); + /* + * Register debug instance for the main program, making it + * the default instance if one is not already set. + */ + instance = sudo_debug_register(progname, NULL, 0, + &debug_spec->debug_files); + if (sudo_debug_get_default_instance() == SUDO_DEBUG_INSTANCE_INITIALIZER) + sudo_debug_set_default_instance(instance); sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys); continue; } @@ -380,7 +387,7 @@ set_paths(const char *conf_file) { struct sudo_conf_setting *path_spec, *next; unsigned int i; - debug_decl(sudo_conf_set_paths, SUDO_DEBUG_UTIL) + debug_decl(sudo_conf_set_paths, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) /* * Store matching paths in sudo_conf_data.path_table. @@ -407,7 +414,6 @@ set_paths(const char *conf_file) sudo_efree(path_spec->name); sudo_efree(path_spec); } - TAILQ_INIT(&sudo_conf_data.paths); debug_return; } @@ -419,9 +425,10 @@ set_variables(const char *conf_file) { struct sudo_conf_setting *setting, *next; struct sudo_conf_var_table *var; - debug_decl(sudo_conf_set_variables, SUDO_DEBUG_UTIL) + debug_decl(sudo_conf_set_variables, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) TAILQ_FOREACH_SAFE(setting, &sudo_conf_data.settings, entries, next) { + TAILQ_REMOVE(&sudo_conf_data.settings, setting, entries); for (var = sudo_conf_var_table; var->name != NULL; var++) { if (strcmp(setting->name, var->name) == 0) { if (var->setter(setting->value, conf_file, setting->lineno)) { @@ -442,7 +449,6 @@ set_variables(const char *conf_file) sudo_efree(setting->value); sudo_efree(setting); } - TAILQ_INIT(&sudo_conf_data.settings); debug_return; } diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c index 88b966805..a6154f25b 100644 --- a/lib/util/sudo_debug.c +++ b/lib/util/sudo_debug.c @@ -16,6 +16,13 @@ #include +#include /* for howmany() on Linux */ +#ifdef HAVE_SYS_SYSMACROS_H +# include /* for howmany() on Solaris */ +#endif +#ifdef HAVE_SYS_SELECT_H +# include +#endif /* HAVE_SYS_SELECT_H */ #include #include #include @@ -78,7 +85,8 @@ static const char *const sudo_debug_priorities[] = { }; /* Note: this must match the order in sudo_debug.h */ -static const char *const sudo_debug_subsystems[] = { +/* XXX - remove sudoers-specific bits */ +static const char *const sudo_debug_default_subsystems[] = { "main", "args", "exec", @@ -109,62 +117,87 @@ static const char *const sudo_debug_subsystems[] = { NULL }; -#define NUM_SUBSYSTEMS (sizeof(sudo_debug_subsystems) / sizeof(sudo_debug_subsystems[0]) - 1) +#define NUM_SUBSYSTEMS (sizeof(sudo_debug_default_subsystems) / sizeof(sudo_debug_default_subsystems[0]) - 1) + +/* + * For multiple programs/plugins there is a per-program instance + * and one or more outputs (files). + */ +struct sudo_debug_output { + SLIST_ENTRY(sudo_debug_output) entries; + char *filename; + int *settings; + int fd; +}; +SLIST_HEAD(sudo_debug_output_list, sudo_debug_output); +struct sudo_debug_instance { + char *program; + const char *const *subsystems; + int num_subsystems; + struct sudo_debug_output_list outputs; +}; + +/* Support up to 10 instances. */ +#define SUDO_DEBUG_INSTANCE_MAX 10 +static struct sudo_debug_instance *sudo_debug_instances[SUDO_DEBUG_INSTANCE_MAX]; +static int sudo_debug_num_instances; -static int sudo_debug_settings[NUM_SUBSYSTEMS]; -static int sudo_debug_fd = -1; -static bool sudo_debug_initialized; static char sudo_debug_pidstr[(((sizeof(int) * 8) + 2) / 3) + 3]; static size_t sudo_debug_pidlen; -static const int num_subsystems = NUM_SUBSYSTEMS; + +static fd_set sudo_debug_fdset; /* XXX - make dynamic */ +static int sudo_debug_max_fd = -1; + +/* Default instance index to use for common utility functions. */ +static int sudo_debug_default_instance = -1; /* - * Parse settings string from sudo.conf and open debugfile. - * Returns 1 on success, 0 if cannot open debugfile. - * Unsupported subsystems and priorities are silently ignored. + * Create a new output file for the specified debug instance. */ -int sudo_debug_init(const char *debugfile, const char *settings) +static struct sudo_debug_output * +sudo_debug_new_output(struct sudo_debug_instance *instance, + struct sudo_debug_file *debug_file) { char *buf, *cp, *subsys, *pri; + struct sudo_debug_output *output; int i, j; - /* Make sure we are not already initialized. */ - if (sudo_debug_initialized) - return 1; - - /* A debug file name is required. */ - if (debugfile == NULL) - return 1; + /* Create new output for the instance. */ + /* XXX - reuse fd for existing filename? */ + output = sudo_emalloc(sizeof(*output)); + output->settings = sudo_emallocarray(instance->num_subsystems, sizeof(int)); + output->filename = sudo_estrdup(debug_file->debug_file); + output->fd = -1; /* Init per-subsystems settings to -1 since 0 is a valid priority. */ - for (i = 0; i < num_subsystems; i++) - sudo_debug_settings[i] = -1; + for (i = 0; i < instance->num_subsystems; i++) + output->settings[i] = -1; /* Open debug file. */ - if (sudo_debug_fd != -1) - close(sudo_debug_fd); - sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR); - if (sudo_debug_fd == -1) { + output->fd = open(output->filename, O_WRONLY|O_APPEND, S_IRUSR|S_IWUSR); + if (output->fd == -1) { /* Create debug file as needed and set group ownership. */ if (errno == ENOENT) { - sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT, + output->fd = open(output->filename, O_WRONLY|O_APPEND|O_CREAT, S_IRUSR|S_IWUSR); } - if (sudo_debug_fd == -1) - return 0; - ignore_result(fchown(sudo_debug_fd, (uid_t)-1, 0)); + if (output->fd == -1) + return NULL; + ignore_result(fchown(output->fd, (uid_t)-1, 0)); + } + (void)fcntl(output->fd, F_SETFD, FD_CLOEXEC); + /* XXX - realloc sudo_debug_fdset as needed (or use other bitmap). */ + if (output->fd < FD_SETSIZE) { + FD_SET(output->fd, &sudo_debug_fdset); + if (output->fd > sudo_debug_max_fd) + sudo_debug_max_fd = output->fd; } - (void)fcntl(sudo_debug_fd, F_SETFD, FD_CLOEXEC); - sudo_debug_initialized = true; - - /* Stash the pid string so we only have to format it once. */ - (void)snprintf(sudo_debug_pidstr, sizeof(sudo_debug_pidstr), "[%d] ", - (int)getpid()); - sudo_debug_pidlen = strlen(sudo_debug_pidstr); - /* Parse settings string. */ - if ((buf = strdup(settings)) == NULL) - return 0; + /* Parse Debug conf string. */ + if ((buf = strdup(debug_file->debug_flags)) == NULL) { + /* XXX - free output on error or make non-destructive */ + return NULL; + } for ((cp = strtok(buf, ",")); cp != NULL; (cp = strtok(NULL, ","))) { /* Should be in the form subsys@pri. */ subsys = cp; @@ -175,13 +208,13 @@ int sudo_debug_init(const char *debugfile, const char *settings) /* Look up priority and subsystem, fill in sudo_debug_settings[]. */ for (i = 0; sudo_debug_priorities[i] != NULL; i++) { if (strcasecmp(pri, sudo_debug_priorities[i]) == 0) { - for (j = 0; sudo_debug_subsystems[j] != NULL; j++) { + for (j = 0; instance->subsystems[j] != NULL; j++) { if (strcasecmp(subsys, "all") == 0) { - sudo_debug_settings[j] = i; + output->settings[j] = i; continue; } - if (strcasecmp(subsys, sudo_debug_subsystems[j]) == 0) { - sudo_debug_settings[j] = i; + if (strcasecmp(subsys, instance->subsystems[j]) == 0) { + output->settings[j] = i; break; } } @@ -191,7 +224,169 @@ int sudo_debug_init(const char *debugfile, const char *settings) } free(buf); - return 1; + return output; +} + +/* + * Register a program/plugin with the debug framework, + * parses settings string from sudo.conf and opens debugfile. + * If subsystem names are specified they override the default values. + * NOTE: subsystems must not be freed by caller unless deregistered. + * Returns instance index on success or -1 if cannot open debugfile. + */ +int +sudo_debug_register(const char *program, const char *const subsystems[], + int num_subsystems, struct sudo_conf_debug_file_list *debug_files) +{ + struct sudo_debug_instance *instance = NULL; + struct sudo_debug_output *output; + struct sudo_debug_file *debug_file; + int idx, free_idx = -1; + + if (debug_files == NULL || num_subsystems < 0) + return -1; + + /* Use default subsystem names if none are provided. */ + if (subsystems == NULL || num_subsystems == 0) { + subsystems = sudo_debug_default_subsystems; + num_subsystems = NUM_SUBSYSTEMS; + } + + /* Search for existing instance. */ + for (idx = 0; idx < sudo_debug_num_instances; idx++) { + if (sudo_debug_instances[idx] == NULL) { + free_idx = idx; + continue; + } + if (sudo_debug_instances[idx]->subsystems == subsystems && + strcmp(sudo_debug_instances[idx]->program, program) == 0) { + instance = sudo_debug_instances[idx]; + break; + } + } + + if (instance == NULL) { + if (free_idx != -1) + idx = free_idx; + if (idx == SUDO_DEBUG_INSTANCE_MAX) { + /* XXX - realloc? */ + sudo_warnx_nodebug("too many debug instances (max %d)", SUDO_DEBUG_INSTANCE_MAX); + return -1; + } + if (idx != sudo_debug_num_instances && idx != free_idx) { + sudo_warnx_nodebug("%s: instance number mismatch: expected %d, got %u", __func__, idx, sudo_debug_num_instances); + return -1; + } + instance = sudo_emalloc(sizeof(*instance)); + instance->program = sudo_estrdup(program); + instance->subsystems = subsystems; + instance->num_subsystems = num_subsystems; + SLIST_INIT(&instance->outputs); + sudo_debug_instances[idx] = instance; + if (idx == sudo_debug_num_instances) + sudo_debug_num_instances++; + } + + TAILQ_FOREACH(debug_file, debug_files, entries) { + output = sudo_debug_new_output(instance, debug_file); + if (output != NULL) + SLIST_INSERT_HEAD(&instance->outputs, output, entries); + } + + /* Stash the pid string so we only have to format it once. */ + if (sudo_debug_pidlen == 0) { + (void)snprintf(sudo_debug_pidstr, sizeof(sudo_debug_pidstr), "[%d] ", + (int)getpid()); + sudo_debug_pidlen = strlen(sudo_debug_pidstr); + } + + /* Convert index to instance. */ + return SUDO_DEBUG_MKINSTANCE(idx); +} + +/* + * De-register the specified instance from the debug subsystem + * and free up any associated data structures. + */ +int +sudo_debug_deregister(int instance_id) +{ + struct sudo_debug_instance *instance; + struct sudo_debug_output *output, *next; + int idx; + + idx = SUDO_DEBUG_INSTANCE(instance_id); + if (idx < 0 || idx >= sudo_debug_num_instances) { + sudo_warnx_nodebug("%s: invalid instance number %d, max %u", + __func__, idx + 1, sudo_debug_num_instances); + return -1; + } + /* Reset default instance as needed. */ + if (sudo_debug_default_instance == idx) + sudo_debug_default_instance = -1; + + instance = sudo_debug_instances[idx]; + if (instance == NULL) + return -1; /* already deregistered */ + + /* Free up instance data, note that subsystems[] is owned by caller. */ + sudo_debug_instances[idx] = NULL; + SLIST_FOREACH_SAFE(output, &instance->outputs, entries, next) { + close(output->fd); + sudo_efree(output->filename); + sudo_efree(output->settings); + sudo_efree(output); + } + sudo_efree(instance->program); + sudo_efree(instance); + + if (idx == sudo_debug_num_instances - 1) + sudo_debug_num_instances--; + + return 0; +} + +int +sudo_debug_get_instance(const char *program) +{ + size_t proglen; + int idx; + + /* Treat "sudoedit" as an alias for "sudo". */ + proglen = strlen(program); + if (proglen > 4 && strcmp(program + proglen - 4, "edit") == 0) + proglen -= 4; + + for (idx = 0; idx < sudo_debug_num_instances; idx++) { + if (sudo_debug_instances[idx] == NULL) + continue; + if (strncmp(sudo_debug_instances[idx]->program, program, proglen) == 0 + && sudo_debug_instances[idx]->program[proglen] == '\0') + return SUDO_DEBUG_MKINSTANCE(idx); + } + return SUDO_DEBUG_INSTANCE_INITIALIZER; +} + +int +sudo_debug_set_output_fd(int level, int ofd, int nfd) +{ + struct sudo_debug_instance *instance; + struct sudo_debug_output *output; + int idx; + + idx = SUDO_DEBUG_INSTANCE(level); + if (idx < 0 || idx >= sudo_debug_num_instances) { + sudo_warnx_nodebug("%s: invalid instance number %d, max %u", + __func__, idx + 1, sudo_debug_num_instances); + return -1; + } + + instance = sudo_debug_instances[idx]; + SLIST_FOREACH(output, &instance->outputs, entries) { + if (output->fd == ofd) + output->fd = nfd; + } + return 0; } pid_t @@ -291,7 +486,7 @@ sudo_debug_exit_ptr(const char *func, const char *file, int line, } void -sudo_debug_write2(const char *func, const char *file, int lineno, +sudo_debug_write2(int fd, const char *func, const char *file, int lineno, const char *str, int len, int errnum) { char *timestr, numbuf[(((sizeof(int) * 8) + 2) / 3) + 2]; @@ -364,46 +559,71 @@ sudo_debug_write2(const char *func, const char *file, int lineno, iov[0].iov_len = 16; /* Write message in a single syscall */ - ignore_result(writev(sudo_debug_fd, iov, iovcnt)); + ignore_result(writev(fd, iov, iovcnt)); } void sudo_debug_vprintf2(const char *func, const char *file, int lineno, int level, const char *fmt, va_list ap) { - int pri, subsys; + int buflen, idx, pri, subsys, saved_errno = errno; + char static_buf[1024], *buf = static_buf; + struct sudo_debug_instance *instance; + struct sudo_debug_output *output; + va_list ap2; - if (!sudo_debug_initialized) - return; + if (sudo_debug_num_instances == 0) + goto out; - /* Extract pri and subsystem from level. */ + /* Extract instance index, priority and subsystem from level. */ + idx = SUDO_DEBUG_INSTANCE(level); pri = SUDO_DEBUG_PRI(level); subsys = SUDO_DEBUG_SUBSYS(level); - /* Make sure we want debug info at this level. */ - if (subsys < num_subsystems && sudo_debug_settings[subsys] >= pri) { - char static_buf[1024], *buf = static_buf; - int buflen, saved_errno = errno; - va_list ap2; - - va_copy(ap2, ap); - buflen = fmt ? vsnprintf(static_buf, sizeof(static_buf), fmt, ap) : 0; - if (buflen >= (int)sizeof(static_buf)) { - /* Not enough room in static buf, allocate dynamically. */ - buflen = vasprintf(&buf, fmt, ap2); + /* Find matching instance. */ + if (idx < 0) { + /* Check for default instance, else we are not initialized. */ + if (sudo_debug_default_instance < 0 || + SUDO_DEBUG_MKINSTANCE(idx) != SUDO_DEBUG_INSTANCE_DEFAULT) { + goto out; } - if (buflen != -1) { - int errcode = ISSET(level, SUDO_DEBUG_ERRNO) ? saved_errno : 0; - if (ISSET(level, SUDO_DEBUG_LINENO)) - sudo_debug_write2(func, file, lineno, buf, buflen, errcode); - else - sudo_debug_write2(NULL, NULL, 0, buf, buflen, errcode); - if (buf != static_buf) - free(buf); + idx = sudo_debug_default_instance; + } else if (idx >= sudo_debug_num_instances) { + sudo_warnx_nodebug("%s: invalid instance number %d, max %u", + __func__, idx + 1, sudo_debug_num_instances); + goto out; + } + instance = sudo_debug_instances[idx]; + if (instance == NULL) { + sudo_warnx_nodebug("%s: unregistered instance index %d", __func__, idx); + goto out; + } + + SLIST_FOREACH(output, &instance->outputs, entries) { + /* Make sure we want debug info at this level. */ + if (subsys < instance->num_subsystems && output->settings[subsys] >= pri) { + va_copy(ap2, ap); + buflen = fmt ? vsnprintf(static_buf, sizeof(static_buf), fmt, ap) : 0; + if (buflen >= (int)sizeof(static_buf)) { + /* Not enough room in static buf, allocate dynamically. */ + buflen = vasprintf(&buf, fmt, ap2); + } + if (buflen != -1) { + int errcode = ISSET(level, SUDO_DEBUG_ERRNO) ? saved_errno : 0; + if (ISSET(level, SUDO_DEBUG_LINENO)) + sudo_debug_write2(output->fd, func, file, lineno, buf, buflen, errcode); + else + sudo_debug_write2(output->fd, NULL, NULL, 0, buf, buflen, errcode); + if (buf != static_buf) { + sudo_efree(buf); + buf = static_buf; + } + } + va_end(ap2); } - va_end(ap2); - errno = saved_errno; } +out: + errno = saved_errno; } #ifdef NO_VARIADIC_MACROS @@ -429,108 +649,181 @@ sudo_debug_printf2(const char *func, const char *file, int lineno, int level, va_end(ap); } +#define EXEC_PREFIX "exec " + void sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[]) { + int buflen, idx, pri, subsys, saved_errno = errno; + struct sudo_debug_instance *instance; + struct sudo_debug_output *output; char * const *av; char *buf, *cp; - int buflen, pri, subsys, log_envp = 0; size_t plen; - if (!sudo_debug_initialized) - return; + if (sudo_debug_num_instances == 0) + goto out; - /* Extract pri and subsystem from level. */ + /* Extract instance index, priority and subsystem from level. */ + idx = SUDO_DEBUG_INSTANCE(level); pri = SUDO_DEBUG_PRI(level); subsys = SUDO_DEBUG_SUBSYS(level); - /* Make sure we want debug info at this level. */ - if (subsys >= num_subsystems || sudo_debug_settings[subsys] < pri) - return; + /* Find matching instance. */ + if (idx < 0) { + /* Check for default instance, else we are not initialized. */ + if (sudo_debug_default_instance < 0 || + SUDO_DEBUG_MKINSTANCE(idx) != SUDO_DEBUG_INSTANCE_DEFAULT) { + goto out; + } + idx = sudo_debug_default_instance; + } else if (idx >= sudo_debug_num_instances) { + sudo_warnx_nodebug("%s: invalid instance number %d, max %u", + __func__, idx + 1, sudo_debug_num_instances); + goto out; + } + instance = sudo_debug_instances[idx]; + if (instance == NULL) { + sudo_warnx_nodebug("%s: unregistered instance index %d", __func__, idx); + goto out; + } + if (subsys >= instance->num_subsystems) + goto out; - /* Log envp for debug level "debug". */ - if (sudo_debug_settings[subsys] >= SUDO_DEBUG_DEBUG - 1 && envp[0] != NULL) - log_envp = 1; + /* XXX - use static buffer if possible */ + SLIST_FOREACH(output, &instance->outputs, entries) { + bool log_envp = false; -#define EXEC_PREFIX "exec " + /* Make sure we want debug info at this level. */ + if (output->settings[subsys] < pri) + continue; - /* Alloc and build up buffer. */ - plen = strlen(path); - buflen = sizeof(EXEC_PREFIX) -1 + plen; - if (argv[0] != NULL) { - buflen += sizeof(" []") - 1; - for (av = argv; *av; av++) - buflen += strlen(*av) + 1; - buflen--; - } - if (log_envp) { - buflen += sizeof(" []") - 1; - for (av = envp; *av; av++) - buflen += strlen(*av) + 1; - buflen--; - } - buf = malloc(buflen + 1); - if (buf == NULL) - return; - - /* Copy prefix and command. */ - memcpy(buf, EXEC_PREFIX, sizeof(EXEC_PREFIX) - 1); - cp = buf + sizeof(EXEC_PREFIX) - 1; - memcpy(cp, path, plen); - cp += plen; - - /* Copy argv. */ - if (argv[0] != NULL) { - *cp++ = ' '; - *cp++ = '['; - for (av = argv; *av; av++) { - size_t avlen = strlen(*av); - memcpy(cp, *av, avlen); - cp += avlen; + /* Log envp for debug level "debug". */ + if (output->settings[subsys] >= SUDO_DEBUG_DEBUG - 1 && envp[0] != NULL) + log_envp = true; + + /* Alloc and build up buffer. */ + plen = strlen(path); + buflen = sizeof(EXEC_PREFIX) -1 + plen; + if (argv[0] != NULL) { + buflen += sizeof(" []") - 1; + for (av = argv; *av; av++) + buflen += strlen(*av) + 1; + buflen--; + } + if (log_envp) { + buflen += sizeof(" []") - 1; + for (av = envp; *av; av++) + buflen += strlen(*av) + 1; + buflen--; + } + buf = malloc(buflen + 1); + if (buf == NULL) + goto out; + + /* Copy prefix and command. */ + memcpy(buf, EXEC_PREFIX, sizeof(EXEC_PREFIX) - 1); + cp = buf + sizeof(EXEC_PREFIX) - 1; + memcpy(cp, path, plen); + cp += plen; + + /* Copy argv. */ + if (argv[0] != NULL) { *cp++ = ' '; + *cp++ = '['; + for (av = argv; *av; av++) { + size_t avlen = strlen(*av); + memcpy(cp, *av, avlen); + cp += avlen; + *cp++ = ' '; + } + cp[-1] = ']'; } - cp[-1] = ']'; - } - if (log_envp) { - *cp++ = ' '; - *cp++ = '['; - for (av = envp; *av; av++) { - size_t avlen = strlen(*av); - memcpy(cp, *av, avlen); - cp += avlen; + if (log_envp) { *cp++ = ' '; + *cp++ = '['; + for (av = envp; *av; av++) { + size_t avlen = strlen(*av); + memcpy(cp, *av, avlen); + cp += avlen; + *cp++ = ' '; + } + cp[-1] = ']'; } - cp[-1] = ']'; - } - *cp = '\0'; + *cp = '\0'; - sudo_debug_write(buf, buflen, 0); - free(buf); + sudo_debug_write(output->fd, buf, buflen, 0); + free(buf); + } +out: + errno = saved_errno; } /* - * Getter for the debug descriptor. + * Returns the default instance or SUDO_DEBUG_INSTANCE_INITIALIZER + * if no default instance is set. */ int -sudo_debug_fd_get(void) +sudo_debug_get_default_instance(void) { - return sudo_debug_fd; + return SUDO_DEBUG_MKINSTANCE(sudo_debug_default_instance); } /* - * Setter for the debug descriptor. + * Sets a new default instance, returning the old one. + * Note that the old instance may be SUDO_DEBUG_INSTANCE_INITIALIZER + * of this is the only instance. */ int -sudo_debug_fd_set(int fd) +sudo_debug_set_default_instance(int inst) { - if (sudo_debug_fd != -1 && fd != sudo_debug_fd) { - if (dup2(sudo_debug_fd, fd) == -1) - return -1; - (void)fcntl(fd, F_SETFD, FD_CLOEXEC); - close(sudo_debug_fd); - sudo_debug_fd = fd; + const int idx = SUDO_DEBUG_INSTANCE(inst); + const int old_idx = sudo_debug_default_instance; + + if (idx >= -1 && idx < sudo_debug_num_instances) + sudo_debug_default_instance = idx; + return SUDO_DEBUG_MKINSTANCE(old_idx); +} + +/* + * Replace the ofd with nfd in all outputs if present. + * Also updates sudo_debug_fdset. + */ +void +sudo_debug_update_fd(int ofd, int nfd) +{ + int idx; + + if (ofd <= sudo_debug_max_fd && FD_ISSET(ofd, &sudo_debug_fdset)) { + /* Update sudo_debug_fdset. */ + FD_CLR(ofd, &sudo_debug_fdset); + FD_SET(nfd, &sudo_debug_fdset); + + /* Update the outputs. */ + for (idx = 0; idx < sudo_debug_num_instances; idx++) { + struct sudo_debug_instance *instance; + struct sudo_debug_output *output; + + instance = sudo_debug_instances[idx]; + if (instance == NULL) + continue; + SLIST_FOREACH(output, &instance->outputs, entries) { + if (output->fd == ofd) + output->fd = nfd; + } + } } - return sudo_debug_fd; +} + +/* + * Returns the highest debug output fd or -1 if no debug files open. + * Fills in fdsetp with the value of sudo_debug_fdset. + */ +int +sudo_debug_get_fds(fd_set **fdsetp) +{ + *fdsetp = &sudo_debug_fdset; + return sudo_debug_max_fd; } diff --git a/lib/util/term.c b/lib/util/term.c index 27fd97867..b33b303cc 100644 --- a/lib/util/term.c +++ b/lib/util/term.c @@ -119,7 +119,7 @@ tcsetattr_nobg(int fd, int flags, struct termios *tp) bool sudo_term_restore_v1(int fd, bool flush) { - debug_decl(term_restore, SUDO_DEBUG_UTIL) + debug_decl(term_restore, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (changed) { const int flags = flush ? (TCSASOFT|TCSAFLUSH) : (TCSASOFT|TCSADRAIN); @@ -137,7 +137,7 @@ sudo_term_restore_v1(int fd, bool flush) bool sudo_term_noecho_v1(int fd) { - debug_decl(term_noecho, SUDO_DEBUG_UTIL) + debug_decl(term_noecho, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) again: if (!changed && tcgetattr(fd, &oterm) != 0) @@ -167,7 +167,7 @@ bool sudo_term_raw_v1(int fd, int isig) { struct termios term; - debug_decl(term_raw, SUDO_DEBUG_UTIL) + debug_decl(term_raw, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) again: if (!changed && tcgetattr(fd, &oterm) != 0) @@ -200,7 +200,7 @@ again: bool sudo_term_cbreak_v1(int fd) { - debug_decl(term_cbreak, SUDO_DEBUG_UTIL) + debug_decl(term_cbreak, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) again: if (!changed && tcgetattr(fd, &oterm) != 0) @@ -238,7 +238,7 @@ bool sudo_term_copy_v1(int src, int dst) { struct termios tt; - debug_decl(term_copy, SUDO_DEBUG_UTIL) + debug_decl(term_copy, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) again: if (tcgetattr(src, &tt) != 0) diff --git a/lib/util/ttysize.c b/lib/util/ttysize.c index 2c2b9c8c8..5ccbb19a3 100644 --- a/lib/util/ttysize.c +++ b/lib/util/ttysize.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2012 Todd C. Miller + * Copyright (c) 2010-2012, 2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -52,7 +52,7 @@ static int get_ttysize_ioctl(int *rowp, int *colp) { struct winsize wsize; - debug_decl(get_ttysize_ioctl, SUDO_DEBUG_EXEC) + debug_decl(get_ttysize_ioctl, SUDO_DEBUG_EXEC, SUDO_DEBUG_INSTANCE_DEFAULT) if (ioctl(STDERR_FILENO, TIOCGWINSZ, &wsize) == 0 && wsize.ws_row != 0 && wsize.ws_col != 0) { @@ -73,7 +73,7 @@ get_ttysize_ioctl(int *rowp, int *colp) void sudo_get_ttysize_v1(int *rowp, int *colp) { - debug_decl(sudo_get_ttysize, SUDO_DEBUG_EXEC) + debug_decl(sudo_get_ttysize, SUDO_DEBUG_EXEC, SUDO_DEBUG_INSTANCE_DEFAULT) if (get_ttysize_ioctl(rowp, colp) == -1) { char *p; diff --git a/lib/util/util.exp.in b/lib/util/util.exp.in index 06d87124b..ee58b8bd1 100644 --- a/lib/util/util.exp.in +++ b/lib/util/util.exp.in @@ -11,6 +11,7 @@ sudo_conf_plugins_v1 sudo_conf_probe_interfaces_v1 sudo_conf_read_v1 sudo_conf_sesh_path_v1 +sudo_debug_deregister sudo_debug_enter sudo_debug_execve2 sudo_debug_exit @@ -21,11 +22,14 @@ sudo_debug_exit_ptr sudo_debug_exit_size_t sudo_debug_exit_str sudo_debug_exit_str_masked -sudo_debug_fd_get -sudo_debug_fd_set sudo_debug_fork -sudo_debug_init +sudo_debug_get_default_instance +sudo_debug_get_fds +sudo_debug_get_instance sudo_debug_printf2 +sudo_debug_register +sudo_debug_set_default_instance +sudo_debug_update_fd sudo_debug_vprintf2 sudo_debug_write2 sudo_dso_findsym_v1 diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 6c8b27342..052c848cc 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -138,7 +138,8 @@ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ LIBPARSESUDOERS_OBJS = alias.lo audit.lo base64.lo defaults.lo hexchar.lo \ gram.lo match.lo match_addr.lo pwutil.lo pwutil_impl.lo \ - redblack.lo timestr.lo toke.lo toke_util.lo + redblack.lo sudoers_debug.lo timestr.lo toke.lo \ + toke_util.lo SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo env.lo find_path.lo \ goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ @@ -154,22 +155,23 @@ REPLAY_OBJS = getdate.o locale.o sudoreplay.o TEST_OBJS = group_plugin.o interfaces.o locale.o net_ifs.o \ sudo_printf.o testsudoers.o tsgetgrpw.o -CHECK_ADDR_OBJS = check_addr.o interfaces.o locale.o match_addr.o sudo_printf.o +CHECK_ADDR_OBJS = check_addr.o interfaces.o locale.o match_addr.o \ + sudoers_debug.o sudo_printf.o -CHECK_BASE64_OBJS = check_base64.o base64.o locale.o +CHECK_BASE64_OBJS = check_base64.o base64.o locale.o sudoers_debug.o CHECK_DIGEST_OBJS = check_digest.o locale.o -CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o +CHECK_FILL_OBJS = check_fill.o hexchar.o locale.o toke_util.o sudoers_debug.o -CHECK_HEXCHAR_OBJS = check_hexchar.o hexchar.o locale.o +CHECK_HEXCHAR_OBJS = check_hexchar.o hexchar.o locale.o sudoers_debug.o CHECK_IOLOG_PATH_OBJS = check_iolog_path.o iolog_path.o locale.o \ - pwutil.o pwutil_impl.o redblack.o + pwutil.o pwutil_impl.o redblack.o sudoers_debug.o CHECK_SYMBOLS_OBJS = check_symbols.o locale.o -CHECK_WRAP_OBJS = check_wrap.o locale.o logwrap.o +CHECK_WRAP_OBJS = check_wrap.o locale.o logwrap.o sudoers_debug.o VERSION = @PACKAGE_VERSION@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ @@ -479,18 +481,32 @@ alias.lo: $(srcdir)/alias.c $(devdir)/def_data.h $(devdir)/gram.h \ $(srcdir)/redblack.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c -audit.lo: $(srcdir)/audit.c $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_debug.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_queue.h $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h \ - $(srcdir)/logging.h $(srcdir)/solaris_audit.h $(top_builddir)/config.h +audit.lo: $(srcdir)/audit.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/bsm_audit.h \ + $(srcdir)/defaults.h $(srcdir)/linux_audit.h $(srcdir)/logging.h \ + $(srcdir)/solaris_audit.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c -base64.lo: $(srcdir)/base64.c $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(top_builddir)/config.h +base64.lo: $(srcdir)/base64.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ + $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/base64.c base64.o: base64.lo -boottime.lo: $(srcdir)/boottime.c $(incdir)/compat/stdbool.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(top_builddir)/config.h +boottime.lo: $(srcdir)/boottime.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/boottime.c bsdauth.lo: $(authdir)/bsdauth.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \ @@ -647,8 +663,14 @@ group_plugin.lo: $(srcdir)/group_plugin.c $(devdir)/def_data.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/group_plugin.c group_plugin.o: group_plugin.lo -hexchar.lo: $(srcdir)/hexchar.c $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(top_builddir)/config.h +hexchar.lo: $(srcdir)/hexchar.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/hexchar.c hexchar.o: hexchar.lo interfaces.lo: $(srcdir)/interfaces.c $(devdir)/def_data.h \ @@ -820,10 +842,15 @@ pwutil_impl.lo: $(srcdir)/pwutil_impl.c $(devdir)/def_data.h \ $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/pwutil_impl.c pwutil_impl.o: pwutil_impl.lo -redblack.lo: $(srcdir)/redblack.c $(incdir)/sudo_alloc.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_queue.h $(srcdir)/redblack.h \ - $(top_builddir)/config.h +redblack.lo: $(srcdir)/redblack.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/logging.h $(srcdir)/redblack.h $(srcdir)/sudo_nss.h \ + $(srcdir)/sudoers.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/redblack.c redblack.o: redblack.lo rfc1938.lo: $(authdir)/rfc1938.c $(devdir)/def_data.h \ @@ -928,6 +955,17 @@ sudoers.lo: $(srcdir)/sudoers.c $(devdir)/def_data.h \ $(srcdir)/sudoers.h $(top_builddir)/config.h \ $(top_builddir)/pathnames.h $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoers.c +sudoers_debug.lo: $(srcdir)/sudoers_debug.c $(devdir)/def_data.h \ + $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ + $(incdir)/sudo_debug.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/logging.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/sudoers_debug.c +sudoers_debug.o: sudoers_debug.lo sudoreplay.o: $(srcdir)/sudoreplay.c $(incdir)/compat/getopt.h \ $(incdir)/compat/stdbool.h $(incdir)/compat/timespec.h \ $(incdir)/sudo_alloc.h $(incdir)/sudo_compat.h \ diff --git a/plugins/sudoers/alias.c b/plugins/sudoers/alias.c index 7307abdc6..74e6ce848 100644 --- a/plugins/sudoers/alias.c +++ b/plugins/sudoers/alias.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2007-2013 + * Copyright (c) 2004-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -60,7 +60,7 @@ alias_compare(const void *v1, const void *v2) const struct alias *a1 = (const struct alias *)v1; const struct alias *a2 = (const struct alias *)v2; int res; - debug_decl(alias_compare, SUDO_DEBUG_ALIAS) + debug_decl(alias_compare, SUDO_DEBUG_ALIAS, sudoers_debug_instance) if (v1 == NULL) res = -1; @@ -83,7 +83,7 @@ alias_get(char *name, int type) struct alias key; struct rbnode *node; struct alias *a = NULL; - debug_decl(alias_get, SUDO_DEBUG_ALIAS) + debug_decl(alias_get, SUDO_DEBUG_ALIAS, sudoers_debug_instance) key.name = name; key.type = type; @@ -111,7 +111,7 @@ alias_get(char *name, int type) void alias_put(struct alias *a) { - debug_decl(alias_put, SUDO_DEBUG_ALIAS) + debug_decl(alias_put, SUDO_DEBUG_ALIAS, sudoers_debug_instance) a->used = false; debug_return; } @@ -125,7 +125,7 @@ alias_add(char *name, int type, struct member *members) { static char errbuf[512]; struct alias *a; - debug_decl(alias_add, SUDO_DEBUG_ALIAS) + debug_decl(alias_add, SUDO_DEBUG_ALIAS, sudoers_debug_instance) a = sudo_ecalloc(1, sizeof(*a)); a->name = name; @@ -146,7 +146,7 @@ alias_add(char *name, int type, struct member *members) void alias_apply(int (*func)(void *, void *), void *cookie) { - debug_decl(alias_apply, SUDO_DEBUG_ALIAS) + debug_decl(alias_apply, SUDO_DEBUG_ALIAS, sudoers_debug_instance) rbapply(aliases, func, cookie, inorder); @@ -159,7 +159,7 @@ alias_apply(int (*func)(void *, void *), void *cookie) bool no_aliases(void) { - debug_decl(no_aliases, SUDO_DEBUG_ALIAS) + debug_decl(no_aliases, SUDO_DEBUG_ALIAS, sudoers_debug_instance) debug_return_bool(rbisempty(aliases)); } @@ -173,7 +173,7 @@ alias_free(void *v) struct member *m; struct sudo_command *c; void *next; - debug_decl(alias_free, SUDO_DEBUG_ALIAS) + debug_decl(alias_free, SUDO_DEBUG_ALIAS, sudoers_debug_instance) sudo_efree(a->name); TAILQ_FOREACH_SAFE(m, &a->members, entries, next) { @@ -198,7 +198,7 @@ alias_remove(char *name, int type) { struct rbnode *node; struct alias key; - debug_decl(alias_remove, SUDO_DEBUG_ALIAS) + debug_decl(alias_remove, SUDO_DEBUG_ALIAS, sudoers_debug_instance) key.name = name; key.type = type; @@ -212,7 +212,7 @@ alias_remove(char *name, int type) void init_aliases(void) { - debug_decl(init_aliases, SUDO_DEBUG_ALIAS) + debug_decl(init_aliases, SUDO_DEBUG_ALIAS, sudoers_debug_instance) if (aliases != NULL) rbdestroy(aliases, alias_free); diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c index bb4d1a9ba..44ae670cc 100644 --- a/plugins/sudoers/audit.c +++ b/plugins/sudoers/audit.c @@ -26,19 +26,8 @@ # include # endif #endif /* STDC_HEADERS */ -#ifdef HAVE_STDBOOL_H -# include -#else -# include "compat/stdbool.h" -#endif /* HAVE_STDBOOL_H */ -#include - -#define DEFAULT_TEXT_DOMAIN "sudoers" -#include "sudo_gettext.h" /* must be included before sudo_compat.h */ -#include "sudo_compat.h" -#include "logging.h" -#include "sudo_debug.h" +#include "sudoers.h" #ifdef HAVE_BSM_AUDIT # include "bsm_audit.h" @@ -54,7 +43,7 @@ int audit_success(int argc, char *argv[]) { int rc = 0; - debug_decl(audit_success, SUDO_DEBUG_AUDIT) + debug_decl(audit_success, SUDO_DEBUG_AUDIT, sudoers_debug_instance) if (argv != NULL) { #ifdef HAVE_BSM_AUDIT @@ -78,7 +67,7 @@ int audit_failure(int argc, char *argv[], char const *const fmt, ...) { int rc = 0; - debug_decl(audit_success, SUDO_DEBUG_AUDIT) + debug_decl(audit_success, SUDO_DEBUG_AUDIT, sudoers_debug_instance) #if defined(HAVE_BSM_AUDIT) || defined(HAVE_LINUX_AUDIT) if (argv != NULL) { diff --git a/plugins/sudoers/auth/afs.c b/plugins/sudoers/auth/afs.c index 99ceb4713..505892af6 100644 --- a/plugins/sudoers/auth/afs.c +++ b/plugins/sudoers/auth/afs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2001-2005, 2007, 2010-2012 + * Copyright (c) 1999, 2001-2005, 2007, 2010-2012, 2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -53,7 +53,7 @@ sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth) { struct ktc_encryptionKey afs_key; struct ktc_token afs_token; - debug_decl(sudo_afs_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_afs_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Try to just check the password */ ka_StringToKey(pass, NULL, &afs_key); diff --git a/plugins/sudoers/auth/aix_auth.c b/plugins/sudoers/auth/aix_auth.c index b95b86043..842f6a546 100644 --- a/plugins/sudoers/auth/aix_auth.c +++ b/plugins/sudoers/auth/aix_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007-2013 Todd C. Miller + * Copyright (c) 1999-2005, 2007-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -55,7 +55,7 @@ sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth) char *pass, *message = NULL; int result = 1, reenter = 0; int rval = AUTH_SUCCESS; - debug_decl(sudo_aix_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_aix_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) do { pass = auth_getpass(prompt, def_passwd_timeout * 60, @@ -90,7 +90,7 @@ sudo_aix_verify(struct passwd *pw, char *prompt, sudo_auth *auth) int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth) { - debug_decl(sudo_aix_cleanup, SUDO_DEBUG_AUTH) + debug_decl(sudo_aix_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Unset AUTHSTATE as it may not be correct for the runas user. */ if (sudo_unsetenv("AUTHSTATE") == -1) diff --git a/plugins/sudoers/auth/bsdauth.c b/plugins/sudoers/auth/bsdauth.c index 8b546be4d..35ff64410 100644 --- a/plugins/sudoers/auth/bsdauth.c +++ b/plugins/sudoers/auth/bsdauth.c @@ -63,7 +63,7 @@ int bsdauth_init(struct passwd *pw, sudo_auth *auth) { static struct bsdauth_state state; - debug_decl(bsdauth_init, SUDO_DEBUG_AUTH) + debug_decl(bsdauth_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Get login class based on auth user, which may not be invoking user. */ if (pw->pw_class && *pw->pw_class) @@ -113,7 +113,7 @@ bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth) int authok = 0; sigaction_t sa, osa; auth_session_t *as = ((struct bsdauth_state *) auth->data)->as; - debug_decl(bsdauth_verify, SUDO_DEBUG_AUTH) + debug_decl(bsdauth_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* save old signal handler */ sigemptyset(&sa.sa_mask); @@ -174,7 +174,7 @@ int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth) { struct bsdauth_state *state = auth->data; - debug_decl(bsdauth_cleanup, SUDO_DEBUG_AUTH) + debug_decl(bsdauth_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (state != NULL) { auth_close(state->as); diff --git a/plugins/sudoers/auth/dce.c b/plugins/sudoers/auth/dce.c index cc511e7b7..d4de045b5 100644 --- a/plugins/sudoers/auth/dce.c +++ b/plugins/sudoers/auth/dce.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2010-2012 + * Copyright (c) 1996, 1998-2005, 2010-2012, 2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -74,7 +74,7 @@ sudo_dce_verify(struct passwd *pw, char *plain_pw, sudo_auth *auth) boolean32 reset_passwd; sec_login_auth_src_t auth_src; error_status_t status; - debug_decl(sudo_dce_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_dce_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* * Create the local context of the DCE principal necessary @@ -188,7 +188,7 @@ check_dce_status(error_status_t input_status, char *comment) { int error_stat; unsigned char error_string[dce_c_error_string_len]; - debug_decl(check_dce_status, SUDO_DEBUG_AUTH) + debug_decl(check_dce_status, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (input_status == rpc_s_ok) debug_return_bool(0); diff --git a/plugins/sudoers/auth/fwtk.c b/plugins/sudoers/auth/fwtk.c index 98a7327af..dce4b93ac 100644 --- a/plugins/sudoers/auth/fwtk.c +++ b/plugins/sudoers/auth/fwtk.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2008, 2010-2013 + * Copyright (c) 1999-2005, 2008, 2010-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -53,7 +53,7 @@ sudo_fwtk_init(struct passwd *pw, sudo_auth *auth) { static Cfg *confp; /* Configuration entry struct */ char resp[128]; /* Response from the server */ - debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH) + debug_decl(sudo_fwtk_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) if ((confp = cfg_read("sudo")) == (Cfg *)-1) { sudo_warnx(U_("unable to read fwtk config")); @@ -85,7 +85,7 @@ sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth) char buf[SUDO_CONV_REPL_MAX + 12]; /* General prupose buffer */ char resp[128]; /* Response from the server */ int error; - debug_decl(sudo_fwtk_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_fwtk_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Send username to authentication server. */ (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name); @@ -147,7 +147,7 @@ done: int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth) { - debug_decl(sudo_fwtk_cleanup, SUDO_DEBUG_AUTH) + debug_decl(sudo_fwtk_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) auth_close(); debug_return_int(AUTH_SUCCESS); diff --git a/plugins/sudoers/auth/kerb5.c b/plugins/sudoers/auth/kerb5.c index 1061df7e8..6ec3a2410 100644 --- a/plugins/sudoers/auth/kerb5.c +++ b/plugins/sudoers/auth/kerb5.c @@ -96,7 +96,7 @@ int sudo_krb5_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { static char *krb5_prompt; - debug_decl(sudo_krb5_init, SUDO_DEBUG_AUTH) + debug_decl(sudo_krb5_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (krb5_prompt == NULL) { krb5_context sudo_context; @@ -135,7 +135,7 @@ sudo_krb5_init(struct passwd *pw, sudo_auth *auth) krb5_context sudo_context; krb5_error_code error; char cache_name[64], *pname = pw->pw_name; - debug_decl(sudo_krb5_init, SUDO_DEBUG_AUTH) + debug_decl(sudo_krb5_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */ @@ -183,7 +183,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) krb5_principal princ; krb5_ccache ccache; krb5_error_code error; - debug_decl(sudo_krb5_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_krb5_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; @@ -202,7 +202,7 @@ sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth) krb5_ccache ccache; krb5_error_code error; krb5_get_init_creds_opt *opts = NULL; - debug_decl(sudo_krb5_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_krb5_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; @@ -266,7 +266,7 @@ sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth) krb5_context sudo_context; krb5_principal princ; krb5_ccache ccache; - debug_decl(sudo_krb5_cleanup, SUDO_DEBUG_AUTH) + debug_decl(sudo_krb5_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context; princ = ((sudo_krb5_datap) auth->data)->princ; @@ -298,7 +298,7 @@ verify_krb_v5_tgt(krb5_context sudo_context, krb5_creds *cred, char *auth_name) krb5_error_code error; krb5_principal server; krb5_verify_init_creds_opt vopt; - debug_decl(verify_krb_v5_tgt, SUDO_DEBUG_AUTH) + debug_decl(verify_krb_v5_tgt, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* * Get the server principal for the local host. diff --git a/plugins/sudoers/auth/pam.c b/plugins/sudoers/auth/pam.c index fac9fb9c8..e4e2e7475 100644 --- a/plugins/sudoers/auth/pam.c +++ b/plugins/sudoers/auth/pam.c @@ -87,7 +87,7 @@ sudo_pam_init(struct passwd *pw, sudo_auth *auth) { static struct pam_conv pam_conv; static int pam_status; - debug_decl(sudo_pam_init, SUDO_DEBUG_AUTH) + debug_decl(sudo_pam_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Initial PAM setup */ auth->data = (void *) &pam_status; @@ -133,7 +133,7 @@ sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { const char *s; int *pam_status = (int *) auth->data; - debug_decl(sudo_pam_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_pam_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) def_prompt = prompt; /* for converse */ @@ -193,7 +193,7 @@ int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth) { int *pam_status = (int *) auth->data; - debug_decl(sudo_pam_cleanup, SUDO_DEBUG_AUTH) + debug_decl(sudo_pam_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* If successful, we can't close the session until sudo_pam_end_session() */ if (*pam_status != PAM_SUCCESS || auth->end_session == NULL) { @@ -208,7 +208,7 @@ sudo_pam_begin_session(struct passwd *pw, char **user_envp[], sudo_auth *auth) { int status = AUTH_SUCCESS; int *pam_status = (int *) auth->data; - debug_decl(sudo_pam_begin_session, SUDO_DEBUG_AUTH) + debug_decl(sudo_pam_begin_session, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* * If there is no valid user we cannot open a PAM session. @@ -279,7 +279,7 @@ int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth) { int status = AUTH_SUCCESS; - debug_decl(sudo_pam_end_session, SUDO_DEBUG_AUTH) + debug_decl(sudo_pam_end_session, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (pamh != NULL) { /* @@ -326,7 +326,7 @@ converse(int num_msg, PAM_CONST struct pam_message **msg, char *pass; int n, type; int ret = PAM_AUTH_ERR; - debug_decl(converse, SUDO_DEBUG_AUTH) + debug_decl(converse, SUDO_DEBUG_AUTH, sudoers_debug_instance) if ((*response = calloc(num_msg, sizeof(struct pam_response))) == NULL) debug_return_int(PAM_SYSTEM_ERR); diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c index 807cc9c26..3766d2336 100644 --- a/plugins/sudoers/auth/passwd.c +++ b/plugins/sudoers/auth/passwd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2010-2013 Todd C. Miller + * Copyright (c) 1999-2005, 2010-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -50,7 +50,7 @@ int sudo_passwd_init(struct passwd *pw, sudo_auth *auth) { - debug_decl(sudo_passwd_init, SUDO_DEBUG_AUTH) + debug_decl(sudo_passwd_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) #ifdef HAVE_SKEYACCESS if (skeyaccess(pw, user_tty, NULL, NULL) == 0) @@ -69,7 +69,7 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth) char *pw_epasswd = auth->data; size_t pw_len; int matched = 0; - debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_passwd_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) pw_len = strlen(pw_epasswd); @@ -111,7 +111,7 @@ sudo_passwd_cleanup(pw, auth) sudo_auth *auth; { char *pw_epasswd = auth->data; - debug_decl(sudo_passwd_cleanup, SUDO_DEBUG_AUTH) + debug_decl(sudo_passwd_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (pw_epasswd != NULL) { memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd)); diff --git a/plugins/sudoers/auth/rfc1938.c b/plugins/sudoers/auth/rfc1938.c index 3ce8e391b..840402e4c 100644 --- a/plugins/sudoers/auth/rfc1938.c +++ b/plugins/sudoers/auth/rfc1938.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994-1996, 1998-2005, 2010-2012 + * Copyright (c) 1994-1996, 1998-2005, 2010-2012, 2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -68,7 +68,7 @@ sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth) static char *orig_prompt = NULL, *new_prompt = NULL; static int op_len, np_size; static struct RFC1938 rfc1938; - debug_decl(sudo_rfc1938_setup, SUDO_DEBUG_AUTH) + debug_decl(sudo_rfc1938_setup, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Stash a pointer to the rfc1938 struct if we have not initialized */ if (!auth->data) @@ -126,7 +126,7 @@ sudo_rfc1938_setup(struct passwd *pw, char **promptp, sudo_auth *auth) int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth) { - debug_decl(sudo_rfc1938_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_rfc1938_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0) debug_return_int(AUTH_SUCCESS); diff --git a/plugins/sudoers/auth/secureware.c b/plugins/sudoers/auth/secureware.c index e081c8fac..0d20baee7 100644 --- a/plugins/sudoers/auth/secureware.c +++ b/plugins/sudoers/auth/secureware.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2005, 2010-2013 Todd C. Miller + * Copyright (c) 1998-2005, 2010-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -56,12 +56,12 @@ sudo_secureware_init(struct passwd *pw, sudo_auth *auth) { #ifdef __alpha extern int crypt_type; - debug_decl(sudo_secureware_init, SUDO_DEBUG_AUTH) + debug_decl(sudo_secureware_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (crypt_type == INT_MAX) debug_return_int(AUTH_FAILURE); /* no shadow */ #else - debug_decl(secureware_init, SUDO_DEBUG_AUTH) + debug_decl(secureware_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) #endif sudo_setspent(); auth->data = sudo_getepw(pw); @@ -74,7 +74,7 @@ sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth) { char *pw_epasswd = auth->data; char *epass = NULL; - debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_secureware_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) #ifdef __alpha { extern int crypt_type; @@ -103,7 +103,7 @@ sudo_secureware_cleanup(pw, auth) sudo_auth *auth; { char *pw_epasswd = auth->data; - debug_decl(sudo_secureware_cleanup, SUDO_DEBUG_AUTH) + debug_decl(sudo_secureware_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (pw_epasswd != NULL) { memset_s(pw_epasswd, SUDO_CONV_REPL_MAX, 0, strlen(pw_epasswd)); diff --git a/plugins/sudoers/auth/securid5.c b/plugins/sudoers/auth/securid5.c index 8d34df89e..807489109 100644 --- a/plugins/sudoers/auth/securid5.c +++ b/plugins/sudoers/auth/securid5.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999-2005, 2007, 2010-2012 + * Copyright (c) 1999-2005, 2007, 2010-2012, 2014 * Todd C. Miller * Copyright (c) 2002 Michael Stroucken * @@ -69,7 +69,7 @@ int sudo_securid_init(struct passwd *pw, sudo_auth *auth) { static SDI_HANDLE sd_dat; /* SecurID handle */ - debug_decl(sudo_securid_init, SUDO_DEBUG_AUTH) + debug_decl(sudo_securid_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) auth->data = (void *) &sd_dat; /* For method-specific data */ @@ -99,7 +99,7 @@ sudo_securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int retval; - debug_decl(sudo_securid_setup, SUDO_DEBUG_AUTH) + debug_decl(sudo_securid_setup, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Re-initialize SecurID every time. */ if (SD_Init(sd) != ACM_OK) { @@ -150,7 +150,7 @@ sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth) { SDI_HANDLE *sd = (SDI_HANDLE *) auth->data; int rval; - debug_decl(sudo_securid_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_securid_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) pass = auth_getpass("Enter your PASSCODE: ", def_passwd_timeout * 60, SUDO_CONV_PROMPT_ECHO_OFF); diff --git a/plugins/sudoers/auth/sia.c b/plugins/sudoers/auth/sia.c index 3223f7429..197de2153 100644 --- a/plugins/sudoers/auth/sia.c +++ b/plugins/sudoers/auth/sia.c @@ -69,7 +69,7 @@ sudo_collect(int timeout, int rendition, uchar_t *title, int nprompts, { int rval; sigset_t mask, omask; - debug_decl(sudo_collect, SUDO_DEBUG_AUTH) + debug_decl(sudo_collect, SUDO_DEBUG_AUTH, sudoers_debug_instance) switch (rendition) { case SIAFORM: @@ -108,7 +108,7 @@ sudo_sia_setup(struct passwd *pw, char **promptp, sudo_auth *auth) { SIAENTITY *siah = NULL; int i; - debug_decl(sudo_sia_setup, SUDO_DEBUG_AUTH) + debug_decl(sudo_sia_setup, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Rebuild argv for sia_ses_init() */ sudo_argc = NewArgc + 1; @@ -132,7 +132,7 @@ int sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth) { SIAENTITY *siah = (SIAENTITY *) auth->data; - debug_decl(sudo_sia_verify, SUDO_DEBUG_AUTH) + debug_decl(sudo_sia_verify, SUDO_DEBUG_AUTH, sudoers_debug_instance) def_prompt = prompt; /* for sudo_collect */ @@ -147,7 +147,7 @@ int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth) { SIAENTITY *siah = (SIAENTITY *) auth->data; - debug_decl(sudo_sia_cleanup, SUDO_DEBUG_AUTH) + debug_decl(sudo_sia_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) (void) sia_ses_release(&siah); sudo_efree(sudo_argv); diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c index 2012e7ae6..19c96b18b 100644 --- a/plugins/sudoers/auth/sudo_auth.c +++ b/plugins/sudoers/auth/sudo_auth.c @@ -104,7 +104,7 @@ sudo_auth_init(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; - debug_decl(sudo_auth_init, SUDO_DEBUG_AUTH) + debug_decl(sudo_auth_init, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (auth_switch[0].name == NULL) debug_return_int(0); @@ -146,7 +146,7 @@ sudo_auth_cleanup(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; - debug_decl(sudo_auth_cleanup, SUDO_DEBUG_AUTH) + debug_decl(sudo_auth_cleanup, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Call cleanup routines. */ for (auth = auth_switch; auth->name; auth++) { @@ -163,7 +163,7 @@ static void pass_warn(void) { const char *warning = def_badpass_message; - debug_decl(pass_warn, SUDO_DEBUG_AUTH) + debug_decl(pass_warn, SUDO_DEBUG_AUTH, sudoers_debug_instance) #ifdef INSULT if (def_insults) @@ -196,7 +196,7 @@ verify_user(struct passwd *pw, char *prompt, int validated) sudo_auth *auth; sigset_t mask, omask; sigaction_t sa, saved_sigtstp; - debug_decl(verify_user, SUDO_DEBUG_AUTH) + debug_decl(verify_user, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Make sure we have at least one auth method. */ if (auth_switch[0].name == NULL) { @@ -316,7 +316,7 @@ sudo_auth_begin_session(struct passwd *pw, char **user_env[]) { sudo_auth *auth; int status = AUTH_SUCCESS; - debug_decl(sudo_auth_begin_session, SUDO_DEBUG_AUTH) + debug_decl(sudo_auth_begin_session, SUDO_DEBUG_AUTH, sudoers_debug_instance) for (auth = auth_switch; auth->name; auth++) { if (auth->begin_session && !IS_DISABLED(auth)) { @@ -333,7 +333,7 @@ sudo_auth_needs_end_session(void) { sudo_auth *auth; bool needed = false; - debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH) + debug_decl(sudo_auth_needs_end_session, SUDO_DEBUG_AUTH, sudoers_debug_instance) for (auth = auth_switch; auth->name; auth++) { if (auth->end_session && !IS_DISABLED(auth)) { @@ -353,7 +353,7 @@ sudo_auth_end_session(struct passwd *pw) { sudo_auth *auth; int status = AUTH_SUCCESS; - debug_decl(sudo_auth_end_session, SUDO_DEBUG_AUTH) + debug_decl(sudo_auth_end_session, SUDO_DEBUG_AUTH, sudoers_debug_instance) for (auth = auth_switch; auth->name; auth++) { if (auth->end_session && !IS_DISABLED(auth)) { @@ -371,7 +371,7 @@ auth_getpass(const char *prompt, int timeout, int type) struct sudo_conv_message msg; struct sudo_conv_reply repl; sigset_t mask, omask; - debug_decl(auth_getpass, SUDO_DEBUG_AUTH) + debug_decl(auth_getpass, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Mask user input if pwfeedback set and echo is off. */ if (type == SUDO_CONV_PROMPT_ECHO_OFF && def_pwfeedback) @@ -407,7 +407,7 @@ void dump_auth_methods(void) { sudo_auth *auth; - debug_decl(dump_auth_methods, SUDO_DEBUG_AUTH) + debug_decl(dump_auth_methods, SUDO_DEBUG_AUTH, sudoers_debug_instance) sudo_printf(SUDO_CONV_INFO_MSG, _("Authentication methods:")); for (auth = auth_switch; auth->name; auth++) diff --git a/plugins/sudoers/base64.c b/plugins/sudoers/base64.c index a5c32ebe4..6e0e7284d 100644 --- a/plugins/sudoers/base64.c +++ b/plugins/sudoers/base64.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013 Todd C. Miller + * Copyright (c) 2013-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -35,8 +35,7 @@ # include #endif /* HAVE_STRINGS_H */ -#include "sudo_compat.h" -#include "sudo_debug.h" +#include "sudoers.h" /* * Decode a NUL-terminated string in base64 format and store the @@ -52,7 +51,7 @@ base64_decode(const char *str, unsigned char *dst, size_t dsize) unsigned char ch[4]; char *pos; int i; - debug_decl(base64_decode, SUDO_DEBUG_MATCH) + debug_decl(base64_decode, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* * Convert from base64 to binary. Each base64 char holds 6 bits of data diff --git a/plugins/sudoers/boottime.c b/plugins/sudoers/boottime.c index 4c9df8a2d..21223aa83 100644 --- a/plugins/sudoers/boottime.c +++ b/plugins/sudoers/boottime.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2013 Todd C. Miller + * Copyright (c) 2009-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -56,8 +56,7 @@ # endif #endif /* !__linux__ */ -#include "sudo_compat.h" -#include "sudo_debug.h" +#include "sudoers.h" /* * Fill in a struct timeval with the time the system booted. @@ -73,7 +72,7 @@ get_boottime(struct timeval *tv) bool found = false; ssize_t len; FILE *fp; - debug_decl(get_boottime, SUDO_DEBUG_UTIL) + debug_decl(get_boottime, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* read btime from /proc/stat */ fp = fopen("/proc/stat", "r"); @@ -103,7 +102,7 @@ get_boottime(struct timeval *tv) { size_t size; int mib[2]; - debug_decl(get_boottime, SUDO_DEBUG_UTIL) + debug_decl(get_boottime, SUDO_DEBUG_UTIL, sudoers_debug_instance) mib[0] = CTL_KERN; mib[1] = KERN_BOOTTIME; @@ -116,11 +115,11 @@ get_boottime(struct timeval *tv) #elif defined(HAVE_GETUTXID) -int +bool get_boottime(struct timeval *tv) { struct utmpx *ut, key; - debug_decl(get_boottime, SUDO_DEBUG_UTIL) + debug_decl(get_boottime, SUDO_DEBUG_UTIL, sudoers_debug_instance) memset(&key, 0, sizeof(key)); key.ut_type = BOOT_TIME; @@ -135,11 +134,11 @@ get_boottime(struct timeval *tv) #elif defined(HAVE_GETUTID) -int +bool get_boottime(struct timeval *tv) { struct utmp *ut, key; - debug_decl(get_boottime, SUDO_DEBUG_UTIL) + debug_decl(get_boottime, SUDO_DEBUG_UTIL, sudoers_debug_instance) memset(&key, 0, sizeof(key)); key.ut_type = BOOT_TIME; @@ -154,10 +153,10 @@ get_boottime(struct timeval *tv) #else -int +bool get_boottime(struct timeval *tv) { - debug_decl(get_boottime, SUDO_DEBUG_UTIL) + debug_decl(get_boottime, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return_bool(false); } #endif diff --git a/plugins/sudoers/bsm_audit.c b/plugins/sudoers/bsm_audit.c index bc8a4b5c3..4532bfcbb 100644 --- a/plugins/sudoers/bsm_audit.c +++ b/plugins/sudoers/bsm_audit.c @@ -54,7 +54,7 @@ audit_sudo_selected(int sorf) auditinfo_addr_t ainfo_addr; struct au_mask *mask; int rc; - debug_decl(audit_sudo_selected, SUDO_DEBUG_AUDIT) + debug_decl(audit_sudo_selected, SUDO_DEBUG_AUDIT, sudoers_debug_instance) if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { if (errno == ENOSYS) { @@ -89,7 +89,7 @@ bsm_audit_success(char *exec_args[]) long au_cond; int aufd, selected; pid_t pid; - debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT) + debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT, sudoers_debug_instance) /* * If we are not auditing, don't cut an audit record; just return. @@ -178,7 +178,7 @@ bsm_audit_failure(char *exec_args[], char const *const fmt, va_list ap) au_id_t auid; pid_t pid; int aufd; - debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT) + debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT, sudoers_debug_instance) /* * If we are not auditing, don't cut an audit record; just return. diff --git a/plugins/sudoers/check.c b/plugins/sudoers/check.c index 2e41eef35..dff977893 100644 --- a/plugins/sudoers/check.c +++ b/plugins/sudoers/check.c @@ -63,7 +63,7 @@ static int check_user_interactive(int validated, int mode, struct passwd *auth_pw) { int status, rval = true; - debug_decl(check_user_interactive, SUDO_DEBUG_AUTH) + debug_decl(check_user_interactive, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Always need a password when -k was specified with the command. */ if (ISSET(mode, MODE_IGNORE_TICKET)) @@ -121,7 +121,7 @@ check_user(int validated, int mode) { struct passwd *auth_pw; int rval = -1; - debug_decl(check_user, SUDO_DEBUG_AUTH) + debug_decl(check_user, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* * Init authentication system regardless of whether we need a password. @@ -175,7 +175,7 @@ display_lecture(int status) ssize_t nread; struct sudo_conv_message msg; struct sudo_conv_reply repl; - debug_decl(lecture, SUDO_DEBUG_AUTH) + debug_decl(lecture, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (def_lecture == never || (def_lecture == once && already_lectured(status))) @@ -212,7 +212,7 @@ bool user_is_exempt(void) { bool rval = false; - debug_decl(user_is_exempt, SUDO_DEBUG_AUTH) + debug_decl(user_is_exempt, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (def_exempt_group) rval = user_in_group(sudo_user.pw, def_exempt_group); @@ -228,7 +228,7 @@ static struct passwd * get_authpw(int mode) { struct passwd *pw = NULL; - debug_decl(get_authpw, SUDO_DEBUG_AUTH) + debug_decl(get_authpw, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (ISSET(mode, (MODE_CHECK|MODE_LIST))) { /* In list mode we always prompt for the user's password. */ diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c index add3c27ca..8d5f863c0 100644 --- a/plugins/sudoers/defaults.c +++ b/plugins/sudoers/defaults.c @@ -118,7 +118,7 @@ dump_defaults(void) struct list_member *item; struct def_values *def; char *desc; - debug_decl(dump_defaults, SUDO_DEBUG_DEFAULTS) + debug_decl(dump_defaults, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) for (cur = sudo_defs_table; cur->name; cur++) { if (cur->desc) { @@ -200,7 +200,7 @@ set_default(char *var, char *val, int op) { struct sudo_defs_types *cur; int num; - debug_decl(set_default, SUDO_DEBUG_DEFAULTS) + debug_decl(set_default, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) { if (strcmp(var, cur->name) == 0) @@ -345,7 +345,7 @@ init_defaults(void) { static int firsttime = 1; struct sudo_defs_types *def; - debug_decl(init_defaults, SUDO_DEBUG_DEFAULTS) + debug_decl(init_defaults, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) /* Clear any old settings. */ if (!firsttime) { @@ -508,7 +508,7 @@ update_defaults(int what) { struct defaults *def; bool rc = true; - debug_decl(update_defaults, SUDO_DEBUG_DEFAULTS) + debug_decl(update_defaults, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) TAILQ_FOREACH(def, &defaults, entries) { switch (def->type) { @@ -567,7 +567,7 @@ check_defaults(int what, bool quiet) struct sudo_defs_types *cur; struct defaults *def; bool rc = true; - debug_decl(check_defaults, SUDO_DEBUG_DEFAULTS) + debug_decl(check_defaults, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) TAILQ_FOREACH(def, &defaults, entries) { switch (def->type) { @@ -610,7 +610,7 @@ store_int(char *val, struct sudo_defs_types *def, int op) { const char *errstr; int i; - debug_decl(store_int, SUDO_DEBUG_DEFAULTS) + debug_decl(store_int, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) if (op == false) { def->sd_un.ival = 0; @@ -633,7 +633,7 @@ store_uint(char *val, struct sudo_defs_types *def, int op) { const char *errstr; unsigned int u; - debug_decl(store_uint, SUDO_DEBUG_DEFAULTS) + debug_decl(store_uint, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) if (op == false) { def->sd_un.uival = 0; @@ -656,7 +656,7 @@ store_float(char *val, struct sudo_defs_types *def, int op) { char *endp; double d; - debug_decl(store_float, SUDO_DEBUG_DEFAULTS) + debug_decl(store_float, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) if (op == false) { def->sd_un.fval = 0.0; @@ -676,7 +676,7 @@ static bool store_tuple(char *val, struct sudo_defs_types *def, int op) { struct def_values *v; - debug_decl(store_tuple, SUDO_DEBUG_DEFAULTS) + debug_decl(store_tuple, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) /* * Look up tuple value by name to find enum def_tuple value. @@ -703,7 +703,7 @@ store_tuple(char *val, struct sudo_defs_types *def, int op) static bool store_str(char *val, struct sudo_defs_types *def, int op) { - debug_decl(store_str, SUDO_DEBUG_DEFAULTS) + debug_decl(store_str, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) sudo_efree(def->sd_un.str); if (op == false) @@ -719,7 +719,7 @@ static bool store_list(char *str, struct sudo_defs_types *def, int op) { char *start, *end; - debug_decl(store_list, SUDO_DEBUG_DEFAULTS) + debug_decl(store_list, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) /* Remove all old members. */ if (op == false || op == true) @@ -748,7 +748,7 @@ static bool store_syslogfac(char *val, struct sudo_defs_types *def, int op) { struct strmap *fac; - debug_decl(store_syslogfac, SUDO_DEBUG_DEFAULTS) + debug_decl(store_syslogfac, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) if (op == false) { def->sd_un.ival = false; @@ -774,7 +774,7 @@ logfac2str(int n) { #ifdef LOG_NFACILITIES struct strmap *fac; - debug_decl(logfac2str, SUDO_DEBUG_DEFAULTS) + debug_decl(logfac2str, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) for (fac = facilities; fac->name && fac->num != n; fac++) ; @@ -788,7 +788,7 @@ static bool store_syslogpri(char *val, struct sudo_defs_types *def, int op) { struct strmap *pri; - debug_decl(store_syslogpri, SUDO_DEBUG_DEFAULTS) + debug_decl(store_syslogpri, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) if (op == false || !val) debug_return_bool(false); @@ -806,7 +806,7 @@ static const char * logpri2str(int n) { struct strmap *pri; - debug_decl(logpri2str, SUDO_DEBUG_DEFAULTS) + debug_decl(logpri2str, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) for (pri = priorities; pri->name && pri->num != n; pri++) ; @@ -818,7 +818,7 @@ store_mode(char *val, struct sudo_defs_types *def, int op) { mode_t mode; const char *errstr; - debug_decl(store_mode, SUDO_DEBUG_DEFAULTS) + debug_decl(store_mode, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) if (op == false) { def->sd_un.mode = 0777; @@ -840,7 +840,7 @@ static void list_op(char *val, size_t len, struct sudo_defs_types *def, enum list_ops op) { struct list_member *cur, *prev = NULL; - debug_decl(list_op, SUDO_DEBUG_DEFAULTS) + debug_decl(list_op, SUDO_DEBUG_DEFAULTS, sudoers_debug_instance) if (op == freeall) { while ((cur = SLIST_FIRST(&def->sd_un.list)) != NULL) { diff --git a/plugins/sudoers/env.c b/plugins/sudoers/env.c index 17b02da30..4198fe0b1 100644 --- a/plugins/sudoers/env.c +++ b/plugins/sudoers/env.c @@ -214,7 +214,7 @@ env_init(char * const envp[]) { char * const *ep; size_t len; - debug_decl(env_init, SUDO_DEBUG_ENV) + debug_decl(env_init, SUDO_DEBUG_ENV, sudoers_debug_instance) if (envp == NULL) { /* Reset to initial state but keep a pointer to what we allocated. */ @@ -348,7 +348,7 @@ static int sudo_putenv(char *str, bool dupcheck, bool overwrite) { int rval; - debug_decl(sudo_putenv, SUDO_DEBUG_ENV) + debug_decl(sudo_putenv, SUDO_DEBUG_ENV, sudoers_debug_instance) sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_putenv: %s", str); @@ -373,7 +373,7 @@ sudo_setenv2(const char *var, const char *val, bool dupcheck, bool overwrite) char *estring; size_t esize; int rval = -1; - debug_decl(sudo_setenv2, SUDO_DEBUG_ENV) + debug_decl(sudo_setenv2, SUDO_DEBUG_ENV, sudoers_debug_instance) esize = strlen(var) + 1 + strlen(val) + 1; estring = sudo_emalloc(esize); @@ -488,7 +488,7 @@ int sudo_unsetenv(const char *name) { int rval; - debug_decl(sudo_unsetenv, SUDO_DEBUG_ENV) + debug_decl(sudo_unsetenv, SUDO_DEBUG_ENV, sudoers_debug_instance) sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_unsetenv: %s", name); @@ -528,7 +528,7 @@ char * sudo_getenv(const char *name) { char *val; - debug_decl(sudo_getenv, SUDO_DEBUG_ENV) + debug_decl(sudo_getenv, SUDO_DEBUG_ENV, sudoers_debug_instance) sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_getenv: %s", name); @@ -546,7 +546,7 @@ matches_env_list(const char *var, struct list_members *list, bool *full_match) { struct list_member *cur; bool match = false; - debug_decl(matches_env_list, SUDO_DEBUG_ENV) + debug_decl(matches_env_list, SUDO_DEBUG_ENV, sudoers_debug_instance) SLIST_FOREACH(cur, list, entries) { size_t sep_pos, len = strlen(cur->value); @@ -579,7 +579,7 @@ static bool matches_env_delete(const char *var) { bool full_match; /* unused */ - debug_decl(matches_env_delete, SUDO_DEBUG_ENV) + debug_decl(matches_env_delete, SUDO_DEBUG_ENV, sudoers_debug_instance) /* Skip anything listed in env_delete. */ debug_return_bool(matches_env_list(var, &def_env_delete, &full_match)); @@ -594,7 +594,7 @@ static int matches_env_check(const char *var, bool *full_match) { int keepit = -1; - debug_decl(matches_env_check, SUDO_DEBUG_ENV) + debug_decl(matches_env_check, SUDO_DEBUG_ENV, sudoers_debug_instance) /* Skip anything listed in env_check that includes '/' or '%'. */ if (matches_env_list(var, &def_env_check, full_match)) { @@ -613,7 +613,7 @@ static bool matches_env_keep(const char *var, bool *full_match) { bool keepit = false; - debug_decl(matches_env_keep, SUDO_DEBUG_ENV) + debug_decl(matches_env_keep, SUDO_DEBUG_ENV, sudoers_debug_instance) /* Preserve SHELL variable for "sudo -s". */ if (ISSET(sudo_mode, MODE_SHELL) && strncmp(var, "SHELL=", 6) == 0) { @@ -634,7 +634,7 @@ env_should_delete(const char *var) const char *cp; int delete_it; bool full_match = false; - debug_decl(env_should_delete, SUDO_DEBUG_ENV); + debug_decl(env_should_delete, SUDO_DEBUG_ENV, sudoers_debug_instance); /* Skip variables with values beginning with () (bash functions) */ if ((cp = strchr(var, '=')) != NULL) { @@ -664,7 +664,7 @@ env_should_keep(const char *var) int keepit; bool full_match = false; const char *cp; - debug_decl(env_should_keep, SUDO_DEBUG_ENV) + debug_decl(env_should_keep, SUDO_DEBUG_ENV, sudoers_debug_instance) keepit = matches_env_check(var, &full_match); if (keepit == -1) @@ -694,7 +694,7 @@ env_merge(char * const envp[]) { char * const *ep; bool rval = true; - debug_decl(env_merge, SUDO_DEBUG_ENV) + debug_decl(env_merge, SUDO_DEBUG_ENV, sudoers_debug_instance) for (ep = envp; *ep != NULL; ep++) { /* XXX - avoid checking value here, should only check name */ @@ -759,7 +759,7 @@ rebuild_env(void) char idbuf[MAX_UID_T_LEN + 1]; unsigned int didvar; bool reset_home = false; - debug_decl(rebuild_env, SUDO_DEBUG_ENV) + debug_decl(rebuild_env, SUDO_DEBUG_ENV, sudoers_debug_instance) /* * Either clean out the environment or reset to a safe default. @@ -985,7 +985,7 @@ insert_env_vars(char * const envp[]) { char * const *ep; bool rval = true; - debug_decl(insert_env_vars, SUDO_DEBUG_ENV) + debug_decl(insert_env_vars, SUDO_DEBUG_ENV, sudoers_debug_instance) /* Add user-specified environment variables. */ if (envp != NULL) { @@ -1013,7 +1013,7 @@ validate_env_vars(char * const env_vars[]) char *eq, *bad = NULL; size_t len, blen = 0, bsize = 0; bool okvar, rval = true; - debug_decl(validate_env_vars, SUDO_DEBUG_ENV) + debug_decl(validate_env_vars, SUDO_DEBUG_ENV, sudoers_debug_instance) if (env_vars == NULL) debug_return_bool(true); /* nothing to do */ @@ -1075,7 +1075,7 @@ read_env_file(const char *path, int overwrite) bool rval = true; char *cp, *var, *val, *line = NULL; size_t var_len, val_len, linesize = 0; - debug_decl(read_env_file, SUDO_DEBUG_ENV) + debug_decl(read_env_file, SUDO_DEBUG_ENV, sudoers_debug_instance) if ((fp = fopen(path, "r")) == NULL) { if (errno != ENOENT) diff --git a/plugins/sudoers/find_path.c b/plugins/sudoers/find_path.c index 42e8218e7..f362a23b5 100644 --- a/plugins/sudoers/find_path.c +++ b/plugins/sudoers/find_path.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2010-2013 + * Copyright (c) 1996, 1998-2005, 2010-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -62,7 +62,7 @@ find_path(char *infile, char **outfile, struct stat *sbp, char *path, bool found = false; /* did we find the command? */ bool checkdot = false; /* check current dir? */ int len; /* length parameter */ - debug_decl(find_path, SUDO_DEBUG_UTIL) + debug_decl(find_path, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (strlen(infile) >= PATH_MAX) { errno = ENAMETOOLONG; diff --git a/plugins/sudoers/getspwuid.c b/plugins/sudoers/getspwuid.c index 2df9e42de..8acb0ca16 100644 --- a/plugins/sudoers/getspwuid.c +++ b/plugins/sudoers/getspwuid.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2010-2012 + * Copyright (c) 1996, 1998-2005, 2010-2012, 2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -81,7 +81,7 @@ char * sudo_getepw(const struct passwd *pw) { char *epw = NULL; - debug_decl(sudo_getepw, SUDO_DEBUG_AUTH) + debug_decl(sudo_getepw, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* If there is a function to check for shadow enabled, use it... */ #ifdef HAVE_ISCOMSEC @@ -148,7 +148,7 @@ done: void sudo_setspent(void) { - debug_decl(sudo_setspent, SUDO_DEBUG_AUTH) + debug_decl(sudo_setspent, SUDO_DEBUG_AUTH, sudoers_debug_instance) #ifdef HAVE_GETPRPWNAM setprpwent(); @@ -171,7 +171,7 @@ sudo_setspent(void) void sudo_endspent(void) { - debug_decl(sudo_endspent, SUDO_DEBUG_AUTH) + debug_decl(sudo_endspent, SUDO_DEBUG_AUTH, sudoers_debug_instance) #ifdef HAVE_GETPRPWNAM endprpwent(); diff --git a/plugins/sudoers/goodpath.c b/plugins/sudoers/goodpath.c index 1d0eee262..3b597394e 100644 --- a/plugins/sudoers/goodpath.c +++ b/plugins/sudoers/goodpath.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2010-2012 + * Copyright (c) 1996, 1998-2005, 2010-2012, 2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -45,7 +45,7 @@ sudo_goodpath(const char *path, struct stat *sbp) { struct stat sb; bool rval = false; - debug_decl(sudo_goodpath, SUDO_DEBUG_UTIL) + debug_decl(sudo_goodpath, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (path != NULL && stat(path, &sb) == 0) { /* Make sure path describes an executable regular file. */ diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index 2062d1947..548d02607 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -687,7 +687,7 @@ unsigned int yystacksize; void sudoerserror(const char *s) { - debug_decl(sudoerserror, SUDO_DEBUG_PARSER) + debug_decl(sudoerserror, SUDO_DEBUG_PARSER, sudoers_debug_instance) /* If we last saw a newline the error is on the preceding line. */ if (last_token == COMMENT) @@ -720,7 +720,7 @@ static struct defaults * new_default(char *var, char *val, int op) { struct defaults *d; - debug_decl(new_default, SUDO_DEBUG_PARSER) + debug_decl(new_default, SUDO_DEBUG_PARSER, sudoers_debug_instance) d = sudo_ecalloc(1, sizeof(struct defaults)); d->var = var; @@ -737,7 +737,7 @@ static struct member * new_member(char *name, int type) { struct member *m; - debug_decl(new_member, SUDO_DEBUG_PARSER) + debug_decl(new_member, SUDO_DEBUG_PARSER, sudoers_debug_instance) m = sudo_ecalloc(1, sizeof(struct member)); m->name = name; @@ -751,7 +751,7 @@ struct sudo_digest * new_digest(int digest_type, const char *digest_str) { struct sudo_digest *dig; - debug_decl(new_digest, SUDO_DEBUG_PARSER) + debug_decl(new_digest, SUDO_DEBUG_PARSER, sudoers_debug_instance) dig = sudo_emalloc(sizeof(*dig)); dig->digest_type = digest_type; @@ -770,7 +770,7 @@ add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d; struct member_list *binding; - debug_decl(add_defaults, SUDO_DEBUG_PARSER) + debug_decl(add_defaults, SUDO_DEBUG_PARSER, sudoers_debug_instance) if (defs != NULL) { /* @@ -804,7 +804,7 @@ static void add_userspec(struct member *members, struct privilege *privs) { struct userspec *u; - debug_decl(add_userspec, SUDO_DEBUG_PARSER) + debug_decl(add_userspec, SUDO_DEBUG_PARSER, sudoers_debug_instance) u = sudo_ecalloc(1, sizeof(*u)); HLTQ_TO_TAILQ(&u->users, members, entries); @@ -824,7 +824,7 @@ init_parser(const char *path, bool quiet) struct member_list *binding; struct defaults *d, *d_next; struct userspec *us, *us_next; - debug_decl(init_parser, SUDO_DEBUG_PARSER) + debug_decl(init_parser, SUDO_DEBUG_PARSER, sudoers_debug_instance) TAILQ_FOREACH_SAFE(us, &userspecs, entries, us_next) { struct member *m, *m_next; diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index aae72af1d..2ac8e6546 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -1,6 +1,6 @@ %{ /* - * Copyright (c) 1996, 1998-2005, 2007-2013 + * Copyright (c) 1996, 1998-2005, 2007-2013, 2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -672,7 +672,7 @@ group : ALIAS { void sudoerserror(const char *s) { - debug_decl(sudoerserror, SUDO_DEBUG_PARSER) + debug_decl(sudoerserror, SUDO_DEBUG_PARSER, sudoers_debug_instance) /* If we last saw a newline the error is on the preceding line. */ if (last_token == COMMENT) @@ -705,7 +705,7 @@ static struct defaults * new_default(char *var, char *val, int op) { struct defaults *d; - debug_decl(new_default, SUDO_DEBUG_PARSER) + debug_decl(new_default, SUDO_DEBUG_PARSER, sudoers_debug_instance) d = sudo_ecalloc(1, sizeof(struct defaults)); d->var = var; @@ -722,7 +722,7 @@ static struct member * new_member(char *name, int type) { struct member *m; - debug_decl(new_member, SUDO_DEBUG_PARSER) + debug_decl(new_member, SUDO_DEBUG_PARSER, sudoers_debug_instance) m = sudo_ecalloc(1, sizeof(struct member)); m->name = name; @@ -736,7 +736,7 @@ struct sudo_digest * new_digest(int digest_type, const char *digest_str) { struct sudo_digest *dig; - debug_decl(new_digest, SUDO_DEBUG_PARSER) + debug_decl(new_digest, SUDO_DEBUG_PARSER, sudoers_debug_instance) dig = sudo_emalloc(sizeof(*dig)); dig->digest_type = digest_type; @@ -755,7 +755,7 @@ add_defaults(int type, struct member *bmem, struct defaults *defs) { struct defaults *d; struct member_list *binding; - debug_decl(add_defaults, SUDO_DEBUG_PARSER) + debug_decl(add_defaults, SUDO_DEBUG_PARSER, sudoers_debug_instance) if (defs != NULL) { /* @@ -789,7 +789,7 @@ static void add_userspec(struct member *members, struct privilege *privs) { struct userspec *u; - debug_decl(add_userspec, SUDO_DEBUG_PARSER) + debug_decl(add_userspec, SUDO_DEBUG_PARSER, sudoers_debug_instance) u = sudo_ecalloc(1, sizeof(*u)); HLTQ_TO_TAILQ(&u->users, members, entries); @@ -809,7 +809,7 @@ init_parser(const char *path, bool quiet) struct member_list *binding; struct defaults *d, *d_next; struct userspec *us, *us_next; - debug_decl(init_parser, SUDO_DEBUG_PARSER) + debug_decl(init_parser, SUDO_DEBUG_PARSER, sudoers_debug_instance) TAILQ_FOREACH_SAFE(us, &userspecs, entries, us_next) { struct member *m, *m_next; diff --git a/plugins/sudoers/group_plugin.c b/plugins/sudoers/group_plugin.c index 6c8976057..f8cdd5adf 100644 --- a/plugins/sudoers/group_plugin.c +++ b/plugins/sudoers/group_plugin.c @@ -64,7 +64,7 @@ group_plugin_load(char *plugin_info) char *args, path[PATH_MAX]; char **argv = NULL; int len, rc = -1; - debug_decl(group_plugin_load, SUDO_DEBUG_UTIL) + debug_decl(group_plugin_load, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* * Fill in .so path and split out args (if any). @@ -161,7 +161,7 @@ done: void group_plugin_unload(void) { - debug_decl(group_plugin_unload, SUDO_DEBUG_UTIL) + debug_decl(group_plugin_unload, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (group_plugin != NULL) { (group_plugin->cleanup)(); @@ -178,7 +178,7 @@ int group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { - debug_decl(group_plugin_query, SUDO_DEBUG_UTIL) + debug_decl(group_plugin_query, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (group_plugin == NULL) debug_return_bool(false); @@ -194,14 +194,14 @@ group_plugin_query(const char *user, const char *group, int group_plugin_load(char *plugin_info) { - debug_decl(group_plugin_load, SUDO_DEBUG_UTIL) + debug_decl(group_plugin_load, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return_bool(false); } void group_plugin_unload(void) { - debug_decl(group_plugin_unload, SUDO_DEBUG_UTIL) + debug_decl(group_plugin_unload, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return; } @@ -209,7 +209,7 @@ int group_plugin_query(const char *user, const char *group, const struct passwd *pwd) { - debug_decl(group_plugin_query, SUDO_DEBUG_UTIL) + debug_decl(group_plugin_query, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return_bool(false); } diff --git a/plugins/sudoers/hexchar.c b/plugins/sudoers/hexchar.c index 77c4665c5..e1cfcddf1 100644 --- a/plugins/sudoers/hexchar.c +++ b/plugins/sudoers/hexchar.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013 Todd C. Miller + * Copyright (c) 2013-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,8 +19,7 @@ #include #include -#include "sudo_compat.h" -#include "sudo_debug.h" +#include "sudoers.h" /* * Converts a two-byte hex string to decimal. @@ -31,7 +30,7 @@ hexchar(const char *s) { unsigned char result[2]; int i; - debug_decl(hexchar, SUDO_DEBUG_UTIL) + debug_decl(hexchar, SUDO_DEBUG_UTIL, sudoers_debug_instance) for (i = 0; i < 2; i++) { switch (s[i]) { diff --git a/plugins/sudoers/interfaces.c b/plugins/sudoers/interfaces.c index 6386567cd..c4fe43c65 100644 --- a/plugins/sudoers/interfaces.c +++ b/plugins/sudoers/interfaces.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2013 Todd C. Miller + * Copyright (c) 2010-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -62,7 +62,7 @@ set_interfaces(const char *ai) { char *addrinfo, *addr, *mask; struct interface *ifp; - debug_decl(set_interfaces, SUDO_DEBUG_NETIF) + debug_decl(set_interfaces, SUDO_DEBUG_NETIF, sudoers_debug_instance) addrinfo = sudo_estrdup(ai); for (addr = strtok(addrinfo, " \t"); addr != NULL; addr = strtok(NULL, " \t")) { @@ -109,7 +109,7 @@ void dump_interfaces(const char *ai) { char *cp, *addrinfo; - debug_decl(set_interfaces, SUDO_DEBUG_NETIF) + debug_decl(set_interfaces, SUDO_DEBUG_NETIF, sudoers_debug_instance) addrinfo = sudo_estrdup(ai); diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index fb3b577f4..4c83feb46 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -92,7 +92,7 @@ io_mkdirs(char *path, mode_t mode, bool is_temp) gid_t parent_gid = 0; char *slash = path; bool ok = true; - debug_decl(io_mkdirs, SUDO_DEBUG_UTIL) + debug_decl(io_mkdirs, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* Fast path: not a temporary and already exists. */ if (!is_temp && stat(path, &sb) == 0) { @@ -155,7 +155,7 @@ io_set_max_sessid(const char *maxval) { const char *errstr; unsigned int value; - debug_decl(io_set_max_sessid, SUDO_DEBUG_UTIL) + debug_decl(io_set_max_sessid, SUDO_DEBUG_UTIL, sudoers_debug_instance) value = strtonum(maxval, 0, SESSID_MAX, &errstr); if (errstr != NULL) { @@ -187,7 +187,7 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7]) ssize_t nread; char pathbuf[PATH_MAX]; static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; - debug_decl(io_nextid, SUDO_DEBUG_UTIL) + debug_decl(io_nextid, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* * Create I/O log directory if it doesn't already exist. @@ -297,7 +297,7 @@ mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize) { size_t len; bool is_temp = false; - debug_decl(mkdir_iopath, SUDO_DEBUG_UTIL) + debug_decl(mkdir_iopath, SUDO_DEBUG_UTIL, sudoers_debug_instance) len = strlcpy(pathbuf, iolog_path, pathsize); if (len >= pathsize) { @@ -328,7 +328,7 @@ static bool open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress) { int fd; - debug_decl(open_io_fd, SUDO_DEBUG_UTIL) + debug_decl(open_io_fd, SUDO_DEBUG_UTIL, sudoers_debug_instance) pathbuf[len] = '\0'; strlcat(pathbuf, iol->suffix, PATH_MAX); @@ -370,7 +370,7 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[], id_t id; uid_t runas_uid = 0; gid_t runas_gid = 0; - debug_decl(iolog_deserialize_info, SUDO_DEBUG_UTIL) + debug_decl(iolog_deserialize_info, SUDO_DEBUG_UTIL, sudoers_debug_instance) details->lines = 24; details->cols = 80; @@ -536,7 +536,7 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details, char * const *av; FILE *fp; int fd; - debug_decl(write_info_log, SUDO_DEBUG_UTIL) + debug_decl(write_info_log, SUDO_DEBUG_UTIL, sudoers_debug_instance) pathbuf[len] = '\0'; strlcat(pathbuf, "/log", PATH_MAX); @@ -566,12 +566,15 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], char * const args[]) { + struct sudo_conf_debug_file_list debug_files = TAILQ_HEAD_INITIALIZER(debug_files); struct iolog_details details; char pathbuf[PATH_MAX], sessid[7]; char *tofree = NULL; + char * const *cur; + const char *plugin_path = NULL; size_t len; - int i, rval = -1; - debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN) + int i, prev_instance, rval = -1; + debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) sudo_conv = conversation; sudo_printf = plugin_printf; @@ -580,6 +583,8 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, if (argc == 0) debug_return_bool(true); + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); + memset(&details, 0, sizeof(details)); bindtextdomain("sudoers", LOCALEDIR); @@ -587,6 +592,22 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation, sudo_setpwent(); sudo_setgrent(); + /* + * Check for debug flags in settings list. + */ + for (cur = settings; *cur != NULL; cur++) { + if (strncmp(*cur, "debug_flags=", sizeof("debug_flags=") - 1) == 0) { + sudoers_debug_parse_flags(&debug_files, + *cur + sizeof("debug_flags=") - 1); + continue; + } + if (strncmp(*cur, "plugin_path=", sizeof("plugin_path=") - 1) == 0) { + plugin_path = *cur + sizeof("plugin_path=") - 1; + continue; + } + } + sudoers_debug_register(&debug_files, plugin_path); + /* * Pull iolog settings out of command_info. */ @@ -653,14 +674,18 @@ done: sudo_gr_delref(details.runas_gr); sudo_endgrent(); + sudo_debug_set_default_instance(prev_instance); + debug_return_bool(rval); } static void sudoers_io_close(int exit_status, int error) { - int i; - debug_decl(sudoers_io_close, SUDO_DEBUG_PLUGIN) + int i, prev_instance; + debug_decl(sudoers_io_close, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); for (i = 0; i < IOFD_MAX; i++) { if (io_log_files[i].fd.v == NULL) @@ -672,17 +697,29 @@ sudoers_io_close(int exit_status, int error) #endif fclose(io_log_files[i].fd.f); } + sudo_debug_set_default_instance(prev_instance); + + if (sudoers_debug_instance != SUDO_DEBUG_INSTANCE_INITIALIZER) { + sudo_debug_deregister(sudoers_debug_instance); + sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + } + debug_return; } static int sudoers_io_version(int verbose) { - debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN) + int prev_instance; + debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n", PACKAGE_VERSION); + sudo_debug_set_default_instance(prev_instance); + debug_return_bool(true); } @@ -693,8 +730,10 @@ static int sudoers_io_log(const char *buf, unsigned int len, int idx) { struct timeval now, delay; - int rval = true; - debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN) + int prev_instance, rval = true; + debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); gettimeofday(&now, NULL); @@ -724,6 +763,8 @@ sudoers_io_log(const char *buf, unsigned int len, int idx) last_time.tv_sec = now.tv_sec; last_time.tv_usec = now.tv_usec; + sudo_debug_set_default_instance(prev_instance); + debug_return_bool(rval); } diff --git a/plugins/sudoers/iolog_path.c b/plugins/sudoers/iolog_path.c index b3ff8c039..fc4703295 100644 --- a/plugins/sudoers/iolog_path.c +++ b/plugins/sudoers/iolog_path.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2013 Todd C. Miller + * Copyright (c) 2011-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -50,12 +50,12 @@ static size_t fill_seq(char *str, size_t strsize, char *logdir) { #ifdef SUDOERS_NO_SEQ - debug_decl(fill_seq, SUDO_DEBUG_UTIL) + debug_decl(fill_seq, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return_size_t(strlcpy(str, "%{seq}", strsize)); #else static char sessid[7]; int len; - debug_decl(fill_seq, SUDO_DEBUG_UTIL) + debug_decl(fill_seq, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (sessid[0] == '\0') { if (!io_nextid(logdir, def_iolog_dir, sessid)) @@ -74,7 +74,7 @@ fill_seq(char *str, size_t strsize, char *logdir) static size_t fill_user(char *str, size_t strsize, char *unused) { - debug_decl(fill_user, SUDO_DEBUG_UTIL) + debug_decl(fill_user, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return_size_t(strlcpy(str, user_name, strsize)); } @@ -83,7 +83,7 @@ fill_group(char *str, size_t strsize, char *unused) { struct group *grp; size_t len; - debug_decl(fill_group, SUDO_DEBUG_UTIL) + debug_decl(fill_group, SUDO_DEBUG_UTIL, sudoers_debug_instance) if ((grp = sudo_getgrgid(user_gid)) != NULL) { len = strlcpy(str, grp->gr_name, strsize); @@ -99,7 +99,7 @@ fill_group(char *str, size_t strsize, char *unused) static size_t fill_runas_user(char *str, size_t strsize, char *unused) { - debug_decl(fill_runas_user, SUDO_DEBUG_UTIL) + debug_decl(fill_runas_user, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return_size_t(strlcpy(str, runas_pw->pw_name, strsize)); } @@ -108,7 +108,7 @@ fill_runas_group(char *str, size_t strsize, char *unused) { struct group *grp; size_t len; - debug_decl(fill_runas_group, SUDO_DEBUG_UTIL) + debug_decl(fill_runas_group, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (runas_gr != NULL) { len = strlcpy(str, runas_gr->gr_name, strsize); @@ -128,14 +128,14 @@ fill_runas_group(char *str, size_t strsize, char *unused) static size_t fill_hostname(char *str, size_t strsize, char *unused) { - debug_decl(fill_hostname, SUDO_DEBUG_UTIL) + debug_decl(fill_hostname, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return_size_t(strlcpy(str, user_shost, strsize)); } static size_t fill_command(char *str, size_t strsize, char *unused) { - debug_decl(fill_command, SUDO_DEBUG_UTIL) + debug_decl(fill_command, SUDO_DEBUG_UTIL, sudoers_debug_instance) debug_return_size_t(strlcpy(str, user_base, strsize)); } @@ -167,7 +167,7 @@ expand_iolog_path(const char *prefix, const char *dir, const char *file, struct path_escape *escapes = NULL; int pass, oldlocale; bool strfit; - debug_decl(expand_iolog_path, SUDO_DEBUG_UTIL) + debug_decl(expand_iolog_path, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* Expanded path must be <= PATH_MAX */ if (prefix != NULL) diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 1c0990652..7f6001882 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -398,7 +398,7 @@ sudo_ldap_conf_add_ports(void) char *host, *port, defport[13]; char hostbuf[LINE_MAX * 2]; int len; - debug_decl(sudo_ldap_conf_add_ports, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_conf_add_ports, SUDO_DEBUG_LDAP, sudoers_debug_instance) hostbuf[0] = '\0'; len = snprintf(defport, sizeof(defport), ":%d", ldap_conf.port); @@ -448,7 +448,7 @@ sudo_ldap_parse_uri(const struct ldap_config_str_list *uri_list) char hostbuf[LINE_MAX]; int nldap = 0, nldaps = 0; int rc = -1; - debug_decl(sudo_ldap_parse_uri, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_parse_uri, SUDO_DEBUG_LDAP, sudoers_debug_instance) hostbuf[0] = '\0'; STAILQ_FOREACH(entry, uri_list, entries) { @@ -524,7 +524,7 @@ sudo_ldap_join_uri(struct ldap_config_str_list *uri_list) struct ldap_config_str *uri; size_t len = 0; char *buf, *cp; - debug_decl(sudo_ldap_join_uri, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_join_uri, SUDO_DEBUG_LDAP, sudoers_debug_instance) STAILQ_FOREACH(uri, uri_list, entries) { if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) { @@ -556,7 +556,7 @@ sudo_ldap_init(LDAP **ldp, const char *host, int port) { LDAP *ld; int rc = LDAP_CONNECT_ERROR; - debug_decl(sudo_ldap_init, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_init, SUDO_DEBUG_LDAP, sudoers_debug_instance) #ifdef HAVE_LDAPSSL_INIT if (ldap_conf.ssl_mode != SUDO_LDAP_CLEAR) { @@ -653,7 +653,7 @@ sudo_ldap_check_non_unix_group(LDAP *ld, LDAPMessage *entry, struct passwd *pw) struct berval **bv, **p; char *val; int ret = false; - debug_decl(sudo_ldap_check_non_unix_group, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_non_unix_group, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (!entry) debug_return_bool(ret); @@ -694,7 +694,7 @@ sudo_ldap_check_host(LDAP *ld, LDAPMessage *entry) struct berval **bv, **p; char *val; bool ret = false; - debug_decl(sudo_ldap_check_host, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_host, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (!entry) debug_return_bool(ret); @@ -726,7 +726,7 @@ sudo_ldap_check_runas_user(LDAP *ld, LDAPMessage *entry) struct berval **bv, **p; char *val; bool ret = false; - debug_decl(sudo_ldap_check_runas_user, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_runas_user, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (!runas_pw) debug_return_bool(UNSPEC); @@ -797,7 +797,7 @@ sudo_ldap_check_runas_group(LDAP *ld, LDAPMessage *entry) struct berval **bv, **p; char *val; bool ret = false; - debug_decl(sudo_ldap_check_runas_group, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_runas_group, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* runas_gr is only set if the user specified the -g flag */ if (!runas_gr) @@ -830,7 +830,7 @@ static bool sudo_ldap_check_runas(LDAP *ld, LDAPMessage *entry) { bool ret; - debug_decl(sudo_ldap_check_runas, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_runas, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (!entry) debug_return_bool(false); @@ -846,7 +846,7 @@ sudo_ldap_extract_digest(char **cmnd, struct sudo_digest *digest) { char *ep, *cp = *cmnd; int digest_type = SUDO_DIGEST_INVALID; - debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* * Check for and extract a digest prefix, e.g. @@ -912,7 +912,7 @@ sudo_ldap_check_command(LDAP *ld, LDAPMessage *entry, int *setenv_implied) char *allowed_cmnd, *allowed_args, *val; bool foundbang; int ret = UNSPEC; - debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_command, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (!entry) debug_return_bool(ret); @@ -980,7 +980,7 @@ sudo_ldap_check_bool(LDAP *ld, LDAPMessage *entry, char *option) struct berval **bv, **p; char ch, *var; int ret = UNSPEC; - debug_decl(sudo_ldap_check_bool, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_check_bool, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (entry == NULL) debug_return_bool(ret); @@ -1014,7 +1014,7 @@ sudo_ldap_parse_options(LDAP *ld, LDAPMessage *entry) { struct berval **bv, **p; char op, *var, *val; - debug_decl(sudo_ldap_parse_options, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_parse_options, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (entry == NULL) debug_return; @@ -1085,7 +1085,7 @@ sudo_ldap_timefilter(char *buffer, size_t buffersize) time_t now; char timebuffer[sizeof("20120727121554.0Z")]; int bytes = 0; - debug_decl(sudo_ldap_timefilter, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_timefilter, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Make sure we have a formatted timestamp for __now__. */ time(&now); @@ -1119,7 +1119,7 @@ static char * sudo_ldap_build_default_filter(void) { char *filt; - debug_decl(sudo_ldap_build_default_filter, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_build_default_filter, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (ldap_conf.search_filter) sudo_easprintf(&filt, "(&%s(cn=defaults))", ldap_conf.search_filter); @@ -1232,7 +1232,7 @@ sudo_ldap_build_pass1(struct passwd *pw) struct group_list *grlist; size_t sz = 0; int i; - debug_decl(sudo_ldap_build_pass1, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_build_pass1, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* If there is a filter, allocate space for the global AND. */ if (ldap_conf.timed || ldap_conf.search_filter) @@ -1348,7 +1348,7 @@ static char * sudo_ldap_build_pass2(void) { char *filt, timebuffer[TIMEFILTER_LENGTH + 1]; - debug_decl(sudo_ldap_build_pass2, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_build_pass2, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Short circuit if no non-Unix group support. */ if (!def_use_netgroups && !def_group_plugin) { @@ -1389,7 +1389,7 @@ sudo_ldap_decode_secret(const char *secret) { unsigned char *result = NULL; size_t len, reslen; - debug_decl(sudo_ldap_decode_secret, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_decode_secret, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (strncasecmp(secret, "base64:", sizeof("base64:") - 1) == 0) { /* @@ -1415,7 +1415,7 @@ sudo_ldap_read_secret(const char *path) { FILE *fp; char buf[LINE_MAX]; - debug_decl(sudo_ldap_read_secret, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_read_secret, SUDO_DEBUG_LDAP, sudoers_debug_instance) if ((fp = fopen(path_ldap_secret, "r")) != NULL) { if (fgets(buf, sizeof(buf), fp) != NULL) { @@ -1444,7 +1444,7 @@ sudo_ldap_parse_keyword(const char *keyword, const char *value, { struct ldap_config_table *cur; const char *errstr; - debug_decl(sudo_ldap_parse_keyword, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_parse_keyword, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Look up keyword in config tables */ for (cur = table; cur->conf_str != NULL; cur++) { @@ -1500,7 +1500,7 @@ static const char * sudo_krb5_ccname_path(const char *old_ccname) { const char *ccname = old_ccname; - debug_decl(sudo_krb5_ccname_path, SUDO_DEBUG_LDAP) + debug_decl(sudo_krb5_ccname_path, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Strip off leading FILE: or WRFILE: prefix. */ switch (ccname[0]) { @@ -1527,7 +1527,7 @@ sudo_check_krb5_ccname(const char *ccname) { int fd = -1; const char *ccname_path; - debug_decl(sudo_check_krb5_ccname, SUDO_DEBUG_LDAP) + debug_decl(sudo_check_krb5_ccname, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Strip off prefix to get path name. */ ccname_path = sudo_krb5_ccname_path(ccname); @@ -1556,7 +1556,7 @@ sudo_ldap_read_config(void) FILE *fp; char *cp, *keyword, *value, *line = NULL; size_t linesize = 0; - debug_decl(sudo_ldap_read_config, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_read_config, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* defaults */ ldap_conf.version = 3; @@ -1790,7 +1790,7 @@ sudo_ldap_get_first_rdn(LDAP *ld, LDAPMessage *entry) #ifdef HAVE_LDAP_STR2DN char *dn, *rdn = NULL; LDAPDN tmpDN; - debug_decl(sudo_ldap_get_first_rdn, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_get_first_rdn, SUDO_DEBUG_LDAP, sudoers_debug_instance) if ((dn = ldap_get_dn(ld, entry)) == NULL) debug_return_str(NULL); @@ -1802,7 +1802,7 @@ sudo_ldap_get_first_rdn(LDAP *ld, LDAPMessage *entry) debug_return_str(rdn); #else char *dn, **edn; - debug_decl(sudo_ldap_get_first_rdn, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_get_first_rdn, SUDO_DEBUG_LDAP, sudoers_debug_instance) if ((dn = ldap_get_dn(ld, entry)) == NULL) return NULL; @@ -1827,7 +1827,7 @@ sudo_ldap_display_defaults(struct sudo_nss *nss, struct passwd *pw, LDAPMessage *entry, *result; char *prefix, *filt; int rc, count = 0; - debug_decl(sudo_ldap_display_defaults, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_display_defaults, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (handle == NULL || handle->ld == NULL) goto done; @@ -1873,7 +1873,7 @@ static int sudo_ldap_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct sudo_lbuf *lbuf) { - debug_decl(sudo_ldap_display_bound_defaults, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_display_bound_defaults, SUDO_DEBUG_LDAP, sudoers_debug_instance) debug_return_int(0); } @@ -1885,7 +1885,7 @@ sudo_ldap_display_entry_short(LDAP *ld, LDAPMessage *entry, struct sudo_lbuf *lb { struct berval **bv, **p; int count = 0; - debug_decl(sudo_ldap_display_entry_short, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_display_entry_short, SUDO_DEBUG_LDAP, sudoers_debug_instance) sudo_lbuf_append(lbuf, " ("); @@ -1955,7 +1955,7 @@ sudo_ldap_display_entry_long(LDAP *ld, LDAPMessage *entry, struct sudo_lbuf *lbu struct berval **bv, **p; char *rdn; int count = 0; - debug_decl(sudo_ldap_display_entry_long, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_display_entry_long, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* extract the dn, only show the first rdn */ rdn = sudo_ldap_get_first_rdn(ld, entry); @@ -2040,7 +2040,7 @@ sudo_ldap_display_privs(struct sudo_nss *nss, struct passwd *pw, struct ldap_result *lres; LDAPMessage *entry; int i, count = 0; - debug_decl(sudo_ldap_display_privs, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_display_privs, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (handle == NULL || handle->ld == NULL) goto done; @@ -2071,7 +2071,7 @@ sudo_ldap_display_cmnd(struct sudo_nss *nss, struct passwd *pw) LDAPMessage *entry; bool found = false; int i; - debug_decl(sudo_ldap_display_cmnd, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_display_cmnd, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (handle == NULL || handle->ld == NULL) goto done; @@ -2108,7 +2108,7 @@ sudo_set_krb5_ccache_name(const char *name, const char **old_name) int rc = 0; unsigned int junk; static bool initialized; - debug_decl(sudo_set_krb5_ccache_name, SUDO_DEBUG_LDAP) + debug_decl(sudo_set_krb5_ccache_name, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (!initialized) { sudo_gss_krb5_ccache_name = @@ -2151,7 +2151,7 @@ sudo_krb5_copy_cc_file(const char *old_ccname) ssize_t nread, nwritten = -1; static char new_ccname[sizeof(_PATH_TMP) + sizeof("sudocc_XXXXXXXX") - 1]; char buf[10240], *ret = NULL; - debug_decl(sudo_krb5_copy_cc_file, SUDO_DEBUG_LDAP) + debug_decl(sudo_krb5_copy_cc_file, SUDO_DEBUG_LDAP, sudoers_debug_instance) old_ccname = sudo_krb5_ccname_path(old_ccname); if (old_ccname != NULL) { @@ -2212,7 +2212,7 @@ sudo_ldap_sasl_interact(LDAP *ld, unsigned int flags, void *_auth_id, char *auth_id = (char *)_auth_id; sasl_interact_t *interact = (sasl_interact_t *)_interact; int rc = LDAP_SUCCESS; - debug_decl(sudo_ldap_sasl_interact, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_sasl_interact, SUDO_DEBUG_LDAP, sudoers_debug_instance) for (; interact->id != SASL_CB_LIST_END; interact++) { if (interact->id != SASL_CB_USER) { @@ -2254,7 +2254,7 @@ sudo_ldap_set_options_table(LDAP *ld, struct ldap_config_table *table) struct ldap_config_table *cur; int ival, rc, errors = 0; char *sval; - debug_decl(sudo_ldap_set_options_table, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_set_options_table, SUDO_DEBUG_LDAP, sudoers_debug_instance) for (cur = table; cur->conf_str != NULL; cur++) { if (cur->opt_val == -1) @@ -2299,7 +2299,7 @@ static int sudo_ldap_set_options_global(void) { int rc; - debug_decl(sudo_ldap_set_options_global, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_set_options_global, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Set ber options */ #ifdef LBER_OPT_DEBUG_LEVEL @@ -2320,7 +2320,7 @@ static int sudo_ldap_set_options_conn(LDAP *ld) { int rc; - debug_decl(sudo_ldap_set_options_conn, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_set_options_conn, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Parse per-connection LDAP options table. */ rc = sudo_ldap_set_options_table(ld, ldap_conf_conn); @@ -2382,7 +2382,7 @@ static struct ldap_result * sudo_ldap_result_alloc(void) { struct ldap_result *result; - debug_decl(sudo_ldap_result_alloc, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_result_alloc, SUDO_DEBUG_LDAP, sudoers_debug_instance) result = sudo_ecalloc(1, sizeof(*result)); STAILQ_INIT(&result->searches); @@ -2397,7 +2397,7 @@ static void sudo_ldap_result_free(struct ldap_result *lres) { struct ldap_search_result *s; - debug_decl(sudo_ldap_result_free, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_result_free, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (lres != NULL) { if (lres->nentries) { @@ -2422,7 +2422,7 @@ sudo_ldap_result_add_search(struct ldap_result *lres, LDAP *ldap, LDAPMessage *searchresult) { struct ldap_search_result *news; - debug_decl(sudo_ldap_result_add_search, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_result_add_search, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Create new entry and add it to the end of the chain. */ news = sudo_ecalloc(1, sizeof(*news)); @@ -2441,7 +2441,7 @@ static int sudo_ldap_bind_s(LDAP *ld) { int rc; - debug_decl(sudo_ldap_bind_s, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_bind_s, SUDO_DEBUG_LDAP, sudoers_debug_instance) #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S if (ldap_conf.rootuse_sasl == true || @@ -2537,7 +2537,7 @@ sudo_ldap_open(struct sudo_nss *nss) sigaction_t sa, saved_sa_pipe; bool ldapnoinit = false; struct sudo_ldap_handle *handle; - debug_decl(sudo_ldap_open, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_open, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Ignore SIGPIPE if we cannot bind to the server. */ memset(&sa, 0, sizeof(sa)); @@ -2641,7 +2641,7 @@ sudo_ldap_setdefs(struct sudo_nss *nss) LDAPMessage *entry, *result; char *filt; int rc; - debug_decl(sudo_ldap_setdefs, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_setdefs, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (handle == NULL || handle->ld == NULL) debug_return_int(-1); @@ -2684,7 +2684,7 @@ sudo_ldap_lookup(struct sudo_nss *nss, int ret, int pwflag) LDAPMessage *entry; int i, rc, setenv_implied; struct ldap_result *lres = NULL; - debug_decl(sudo_ldap_lookup, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_lookup, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (handle == NULL || handle->ld == NULL) debug_return_int(ret); @@ -2803,7 +2803,7 @@ ldap_entry_compare(const void *a, const void *b) { const struct ldap_entry_wrapper *aw = a; const struct ldap_entry_wrapper *bw = b; - debug_decl(ldap_entry_compare, SUDO_DEBUG_LDAP) + debug_decl(ldap_entry_compare, SUDO_DEBUG_LDAP, sudoers_debug_instance) debug_return_int(bw->order < aw->order ? -1 : (bw->order > aw->order ? 1 : 0)); @@ -2816,7 +2816,7 @@ ldap_entry_compare(const void *a, const void *b) static struct ldap_search_result * sudo_ldap_result_last_search(struct ldap_result *lres) { - debug_decl(sudo_ldap_result_last_search, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_result_last_search, SUDO_DEBUG_LDAP, sudoers_debug_instance) debug_return_ptr(STAILQ_LAST(&lres->searches, ldap_search_result, entries)); } @@ -2831,7 +2831,7 @@ sudo_ldap_result_add_entry(struct ldap_result *lres, LDAPMessage *entry) struct berval **bv; double order = 0.0; char *ep; - debug_decl(sudo_ldap_result_add_entry, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_result_add_entry, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* Determine whether the entry has the sudoOrder attribute. */ last = sudo_ldap_result_last_search(lres); @@ -2874,7 +2874,7 @@ static void sudo_ldap_result_free_nss(struct sudo_nss *nss) { struct sudo_ldap_handle *handle = nss->handle; - debug_decl(sudo_ldap_result_free_nss, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_result_free_nss, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (handle->result != NULL) { DPRINTF1("removing reusable search result"); @@ -2904,7 +2904,7 @@ sudo_ldap_result_get(struct sudo_nss *nss, struct passwd *pw) LDAP *ld = handle->ld; int pass, rc; char *filt; - debug_decl(sudo_ldap_result_get, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_result_get, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* * If we already have a cached result, return it so we don't have to @@ -3000,7 +3000,7 @@ static int sudo_ldap_close(struct sudo_nss *nss) { struct sudo_ldap_handle *handle = nss->handle; - debug_decl(sudo_ldap_close, SUDO_DEBUG_LDAP) + debug_decl(sudo_ldap_close, SUDO_DEBUG_LDAP, sudoers_debug_instance) if (handle != NULL) { /* Free the result before unbinding; it may use the LDAP connection. */ diff --git a/plugins/sudoers/linux_audit.c b/plugins/sudoers/linux_audit.c index 2e5f43d74..a194b325a 100644 --- a/plugins/sudoers/linux_audit.c +++ b/plugins/sudoers/linux_audit.c @@ -50,7 +50,7 @@ static int linux_audit_open(void) { static int au_fd = -1; - debug_decl(linux_audit_open, SUDO_DEBUG_AUDIT) + debug_decl(linux_audit_open, SUDO_DEBUG_AUDIT, sudoers_debug_instance) if (au_fd != -1) debug_return_int(au_fd); @@ -73,7 +73,7 @@ linux_audit_command(char *argv[], int result) int au_fd, rc = -1; char *command, *cp, **av; size_t size, n; - debug_decl(linux_audit_command, SUDO_DEBUG_AUDIT) + debug_decl(linux_audit_command, SUDO_DEBUG_AUDIT, sudoers_debug_instance) /* Don't return an error if auditing is not configured. */ if ((au_fd = linux_audit_open()) < 0) diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c index 2b9a94731..b68e26901 100644 --- a/plugins/sudoers/logging.c +++ b/plugins/sudoers/logging.c @@ -87,7 +87,7 @@ mysyslog(int pri, const char *fmt, ...) #endif char buf[MAXSYSLOGLEN+1]; va_list ap; - debug_decl(mysyslog, SUDO_DEBUG_LOGGING) + debug_decl(mysyslog, SUDO_DEBUG_LOGGING, sudoers_debug_instance) va_start(ap, fmt); #ifdef LOG_NFACILITIES @@ -124,7 +124,7 @@ do_syslog(int pri, char *msg) char *p, *tmp, save; const char *fmt; int oldlocale; - debug_decl(do_syslog, SUDO_DEBUG_LOGGING) + debug_decl(do_syslog, SUDO_DEBUG_LOGGING, sudoers_debug_instance) sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); @@ -176,7 +176,7 @@ do_logfile(char *msg) mode_t oldmask; int oldlocale; FILE *fp; - debug_decl(do_logfile, SUDO_DEBUG_LOGGING) + debug_decl(do_logfile, SUDO_DEBUG_LOGGING, sudoers_debug_instance) sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); @@ -235,7 +235,7 @@ log_denial(int status, bool inform_user) char *logline; int oldlocale; bool uid_changed; - debug_decl(log_denial, SUDO_DEBUG_LOGGING) + debug_decl(log_denial, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* Handle auditing first (audit_failure() handles the locale itself). */ if (ISSET(status, FLAG_NO_USER | FLAG_NO_HOST)) @@ -315,7 +315,7 @@ void log_failure(int status, int flags) { bool inform_user = true; - debug_decl(log_failure, SUDO_DEBUG_LOGGING) + debug_decl(log_failure, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* The user doesn't always get to see the log message (path info). */ if (!ISSET(status, FLAG_NO_USER | FLAG_NO_HOST) && def_path_info && @@ -347,7 +347,7 @@ void log_auth_failure(int status, unsigned int tries) { int flags = 0; - debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING) + debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* Handle auditing first. */ audit_failure(NewArgc, NewArgv, N_("authentication failure")); @@ -390,7 +390,7 @@ log_allowed(int status) char *logline; int oldlocale; bool uid_changed; - debug_decl(log_allowed, SUDO_DEBUG_LOGGING) + debug_decl(log_allowed, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* Log and mail messages should be in the sudoers locale. */ sudoers_setlocale(SUDOERS_LOCALE_SUDOERS, &oldlocale); @@ -431,7 +431,7 @@ vlog_warning(int flags, const char *fmt, va_list ap) char *logline, *message; bool uid_changed; va_list ap2; - debug_decl(vlog_error, SUDO_DEBUG_LOGGING) + debug_decl(vlog_error, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* Need extra copy of ap for sudo_vwarn()/sudo_vwarnx() below. */ if (!ISSET(flags, SLOG_NO_STDERR)) @@ -517,7 +517,7 @@ void log_warning(int flags, const char *fmt, ...) { va_list ap; - debug_decl(log_error, SUDO_DEBUG_LOGGING) + debug_decl(log_error, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* Log the error. */ va_start(ap, fmt); @@ -531,7 +531,7 @@ void log_warningx(int flags, const char *fmt, ...) { va_list ap; - debug_decl(log_error, SUDO_DEBUG_LOGGING) + debug_decl(log_error, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* Log the error. */ va_start(ap, fmt); @@ -567,7 +567,7 @@ send_mail(const char *fmt, ...) NULL }; #endif /* NO_ROOT_MAILER */ - debug_decl(send_mail, SUDO_DEBUG_LOGGING) + debug_decl(send_mail, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* If mailer is disabled just return. */ if (!def_mailerpath || !def_mailto) @@ -754,7 +754,7 @@ send_mail(const char *fmt, ...) static int should_mail(int status) { - debug_decl(should_mail, SUDO_DEBUG_LOGGING) + debug_decl(should_mail, SUDO_DEBUG_LOGGING, sudoers_debug_instance) debug_return_bool(def_mail_always || ISSET(status, VALIDATE_ERROR) || (def_mail_no_user && ISSET(status, FLAG_NO_USER)) || @@ -790,7 +790,7 @@ new_logline(const char *message, int serrno) #endif const char *tsid = NULL; size_t len = 0; - debug_decl(new_logline, SUDO_DEBUG_LOGGING) + debug_decl(new_logline, SUDO_DEBUG_LOGGING, sudoers_debug_instance) #ifndef SUDOERS_NO_SEQ /* A TSID may be a sudoers-style session ID or a free-form string. */ diff --git a/plugins/sudoers/logwrap.c b/plugins/sudoers/logwrap.c index 16cdd9f98..0c1d67082 100644 --- a/plugins/sudoers/logwrap.c +++ b/plugins/sudoers/logwrap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 Todd C. Miller + * Copyright (c) 2011, 2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -41,7 +41,7 @@ writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen) char *indent = ""; char *beg = line; char *end; - debug_decl(writeln_wrap, SUDO_DEBUG_LOGGING) + debug_decl(writeln_wrap, SUDO_DEBUG_LOGGING, sudoers_debug_instance) /* * Print out line with word wrap around maxlen characters. diff --git a/plugins/sudoers/match.c b/plugins/sudoers/match.c index c9b131e9b..968358acd 100644 --- a/plugins/sudoers/match.c +++ b/plugins/sudoers/match.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2013 + * Copyright (c) 1996, 1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -119,7 +119,7 @@ userlist_matches(const struct passwd *pw, const struct member_list *list) struct member *m; struct alias *a; int rval, matched = UNSPEC; - debug_decl(userlist_matches, SUDO_DEBUG_MATCH) + debug_decl(userlist_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { switch (m->type) { @@ -169,7 +169,7 @@ runaslist_matches(const struct member_list *user_list, int rval; int user_matched = UNSPEC; int group_matched = UNSPEC; - debug_decl(runaslist_matches, SUDO_DEBUG_MATCH) + debug_decl(runaslist_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) if (runas_pw != NULL) { /* If no runas user or runas group listed in sudoers, use default. */ @@ -275,7 +275,7 @@ hostlist_matches(const struct member_list *list) struct member *m; struct alias *a; int rval, matched = UNSPEC; - debug_decl(hostlist_matches, SUDO_DEBUG_MATCH) + debug_decl(hostlist_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { switch (m->type) { @@ -319,7 +319,7 @@ cmndlist_matches(const struct member_list *list) { struct member *m; int matched = UNSPEC; - debug_decl(cmndlist_matches, SUDO_DEBUG_MATCH) + debug_decl(cmndlist_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) TAILQ_FOREACH_REVERSE(m, list, member_list, entries) { matched = cmnd_matches(m); @@ -339,7 +339,7 @@ cmnd_matches(const struct member *m) struct alias *a; struct sudo_command *c; int rval, matched = UNSPEC; - debug_decl(cmnd_matches, SUDO_DEBUG_MATCH) + debug_decl(cmnd_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) switch (m->type) { case ALL: @@ -366,7 +366,7 @@ static bool command_args_match(const char *sudoers_cmnd, const char *sudoers_args) { int flags = 0; - debug_decl(command_args_match, SUDO_DEBUG_MATCH) + debug_decl(command_args_match, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* * If no args specified in sudoers, any user args are allowed. @@ -397,7 +397,7 @@ bool command_matches(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest) { bool rc = false; - debug_decl(command_matches, SUDO_DEBUG_MATCH) + debug_decl(command_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* Check for pseudo-commands */ if (sudoers_cmnd[0] != '/') { @@ -445,7 +445,7 @@ done: static bool command_matches_fnmatch(const char *sudoers_cmnd, const char *sudoers_args) { - debug_decl(command_matches_fnmatch, SUDO_DEBUG_MATCH) + debug_decl(command_matches_fnmatch, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* * Return true if fnmatch(3) succeeds AND @@ -473,7 +473,7 @@ command_matches_glob(const char *sudoers_cmnd, const char *sudoers_args) size_t dlen; char **ap, *base, *cp; glob_t gl; - debug_decl(command_matches_glob, SUDO_DEBUG_MATCH) + debug_decl(command_matches_glob, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* * First check to see if we can avoid the call to glob(3). @@ -543,7 +543,7 @@ static bool command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct sudo_digest *digest) { size_t dlen; - debug_decl(command_matches_normal, SUDO_DEBUG_MATCH) + debug_decl(command_matches_normal, SUDO_DEBUG_MATCH, sudoers_debug_instance) dlen = strlen(sudoers_cmnd); @@ -615,7 +615,7 @@ digest_matches(const char *file, const struct sudo_digest *sd) FILE *fp; unsigned int i; int h; - debug_decl(digest_matches, SUDO_DEBUG_MATCH) + debug_decl(digest_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) for (i = 0; digest_functions[i].digest_name != NULL; i++) { if (sd->digest_type == i) { @@ -678,7 +678,7 @@ command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const struct stat sudoers_stat; const char *base; size_t dlen; - debug_decl(command_matches_normal, SUDO_DEBUG_MATCH) + debug_decl(command_matches_normal, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* If it ends in '/' it is a directory spec. */ dlen = strlen(sudoers_cmnd); @@ -725,7 +725,7 @@ command_matches_normal(const char *sudoers_cmnd, const char *sudoers_args, const static bool command_matches_dir(const char *sudoers_dir, size_t dlen) { - debug_decl(command_matches_dir, SUDO_DEBUG_MATCH) + debug_decl(command_matches_dir, SUDO_DEBUG_MATCH, sudoers_debug_instance) debug_return_bool(strncmp(user_cmnd, sudoers_dir, dlen) == 0); } #else /* !SUDOERS_NAME_MATCH */ @@ -739,7 +739,7 @@ command_matches_dir(const char *sudoers_dir, size_t dlen) struct dirent *dent; char buf[PATH_MAX]; DIR *dirp; - debug_decl(command_matches_dir, SUDO_DEBUG_MATCH) + debug_decl(command_matches_dir, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* * Grot through directory entries, looking for user_base. @@ -784,7 +784,7 @@ hostname_matches(const char *shost, const char *lhost, const char *pattern) { const char *host; bool rc; - debug_decl(hostname_matches, SUDO_DEBUG_MATCH) + debug_decl(hostname_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) host = strchr(pattern, '.') != NULL ? lhost : shost; if (has_meta(pattern)) { @@ -808,7 +808,7 @@ userpw_matches(const char *sudoers_user, const char *user, const struct passwd * const char *errstr; uid_t uid; bool rc; - debug_decl(userpw_matches, SUDO_DEBUG_MATCH) + debug_decl(userpw_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) if (pw != NULL && *sudoers_user == '#') { uid = (uid_t) sudo_strtoid(sudoers_user + 1, NULL, NULL, &errstr); @@ -835,7 +835,7 @@ group_matches(const char *sudoers_group, const struct group *gr) const char *errstr; gid_t gid; bool rc; - debug_decl(group_matches, SUDO_DEBUG_MATCH) + debug_decl(group_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) if (*sudoers_group == '#') { gid = (gid_t) sudo_strtoid(sudoers_group + 1, NULL, NULL, &errstr); @@ -861,7 +861,7 @@ usergr_matches(const char *group, const char *user, const struct passwd *pw) { int matched = false; struct passwd *pw0 = NULL; - debug_decl(usergr_matches, SUDO_DEBUG_MATCH) + debug_decl(usergr_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* make sure we have a valid usergroup, sudo style */ if (*group++ != '%') { @@ -947,7 +947,7 @@ netgr_matches(const char *netgr, const char *lhost, const char *shost, const cha static int initialized; #endif bool rc = false; - debug_decl(netgr_matches, SUDO_DEBUG_MATCH) + debug_decl(netgr_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) if (!def_use_netgroups) { sudo_debug_printf(SUDO_DEBUG_INFO, "netgroups are disabled"); diff --git a/plugins/sudoers/match_addr.c b/plugins/sudoers/match_addr.c index 75c0bbc4c..6ad2ab8ab 100644 --- a/plugins/sudoers/match_addr.c +++ b/plugins/sudoers/match_addr.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2013 + * Copyright (c) 1996, 1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -58,7 +58,7 @@ addr_matches_if(const char *n) unsigned int j; #endif unsigned int family; - debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) + debug_decl(addr_matches_if, SUDO_DEBUG_MATCH, sudoers_debug_instance) #ifdef HAVE_STRUCT_IN6_ADDR if (inet_pton(AF_INET6, n, &addr.ip6) == 1) { @@ -111,7 +111,7 @@ addr_matches_if_netmask(const char *n, const char *m) #endif unsigned int family; const char *errstr; - debug_decl(addr_matches_if, SUDO_DEBUG_MATCH) + debug_decl(addr_matches_if, SUDO_DEBUG_MATCH, sudoers_debug_instance) #ifdef HAVE_STRUCT_IN6_ADDR if (inet_pton(AF_INET6, n, &addr.ip6) == 1) @@ -203,7 +203,7 @@ addr_matches(char *n) { char *m; bool rc; - debug_decl(addr_matches, SUDO_DEBUG_MATCH) + debug_decl(addr_matches, SUDO_DEBUG_MATCH, sudoers_debug_instance) /* If there's an explicit netmask, use it. */ if ((m = strchr(n, '/'))) { diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c index 04143048b..0a21fd20f 100644 --- a/plugins/sudoers/parse.c +++ b/plugins/sudoers/parse.c @@ -82,7 +82,7 @@ struct sudo_nss sudo_nss_file = { int sudo_file_open(struct sudo_nss *nss) { - debug_decl(sudo_file_open, SUDO_DEBUG_NSS) + debug_decl(sudo_file_open, SUDO_DEBUG_NSS, sudoers_debug_instance) if (def_ignore_local_sudoers) debug_return_int(-1); @@ -93,7 +93,7 @@ sudo_file_open(struct sudo_nss *nss) int sudo_file_close(struct sudo_nss *nss) { - debug_decl(sudo_file_close, SUDO_DEBUG_NSS) + debug_decl(sudo_file_close, SUDO_DEBUG_NSS, sudoers_debug_instance) /* Free parser data structures and close sudoers file. */ init_parser(NULL, false); @@ -111,7 +111,7 @@ sudo_file_close(struct sudo_nss *nss) int sudo_file_parse(struct sudo_nss *nss) { - debug_decl(sudo_file_close, SUDO_DEBUG_NSS) + debug_decl(sudo_file_close, SUDO_DEBUG_NSS, sudoers_debug_instance) if (nss->handle == NULL) debug_return_int(-1); @@ -136,7 +136,7 @@ sudo_file_parse(struct sudo_nss *nss) int sudo_file_setdefs(struct sudo_nss *nss) { - debug_decl(sudo_file_setdefs, SUDO_DEBUG_NSS) + debug_decl(sudo_file_setdefs, SUDO_DEBUG_NSS, sudoers_debug_instance) if (nss->handle == NULL) debug_return_int(-1); @@ -159,7 +159,7 @@ sudo_file_lookup(struct sudo_nss *nss, int validated, int pwflag) struct privilege *priv; struct userspec *us; struct member *matching_user; - debug_decl(sudo_file_lookup, SUDO_DEBUG_NSS) + debug_decl(sudo_file_lookup, SUDO_DEBUG_NSS, sudoers_debug_instance) if (nss->handle == NULL) debug_return_int(validated); @@ -301,7 +301,7 @@ static void sudo_file_append_cmnd(struct cmndspec *cs, struct cmndtag *tags, struct sudo_lbuf *lbuf) { - debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS) + debug_decl(sudo_file_append_cmnd, SUDO_DEBUG_NSS, sudoers_debug_instance) #ifdef HAVE_PRIV_SET if (cs->privs) @@ -352,7 +352,7 @@ sudo_file_display_priv_short(struct passwd *pw, struct userspec *us, struct privilege *priv; struct cmndtag tags; int nfound = 0; - debug_decl(sudo_file_display_priv_short, SUDO_DEBUG_NSS) + debug_decl(sudo_file_display_priv_short, SUDO_DEBUG_NSS, sudoers_debug_instance) /* gcc -Wuninitialized false positive */ tags.noexec = UNSPEC; @@ -448,7 +448,7 @@ sudo_file_display_priv_long(struct passwd *pw, struct userspec *us, struct member *m; struct privilege *priv; int nfound = 0, olen; - debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS) + debug_decl(sudo_file_display_priv_long, SUDO_DEBUG_NSS, sudoers_debug_instance) TAILQ_FOREACH(priv, &us->privileges, entries) { if (hostlist_matches(&priv->hostlist) != ALLOW) @@ -527,7 +527,7 @@ sudo_file_display_privs(struct sudo_nss *nss, struct passwd *pw, { struct userspec *us; int nfound = 0; - debug_decl(sudo_file_display_priv, SUDO_DEBUG_NSS) + debug_decl(sudo_file_display_priv, SUDO_DEBUG_NSS, sudoers_debug_instance) if (nss->handle == NULL) goto done; @@ -555,7 +555,7 @@ sudo_file_display_defaults(struct sudo_nss *nss, struct passwd *pw, struct defaults *d; char *prefix; int nfound = 0; - debug_decl(sudo_file_display_defaults, SUDO_DEBUG_NSS) + debug_decl(sudo_file_display_defaults, SUDO_DEBUG_NSS, sudoers_debug_instance) if (nss->handle == NULL) goto done; @@ -606,7 +606,7 @@ sudo_file_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct sudo_lbuf *lbuf) { int nfound = 0; - debug_decl(sudo_file_display_bound_defaults, SUDO_DEBUG_NSS) + debug_decl(sudo_file_display_bound_defaults, SUDO_DEBUG_NSS, sudoers_debug_instance) /* XXX - should only print ones that match what the user can do. */ nfound += display_bound_defaults(DEFAULTS_RUNAS, lbuf); @@ -626,7 +626,7 @@ display_bound_defaults(int dtype, struct sudo_lbuf *lbuf) struct member *m; char *dsep; int atype, nfound = 0; - debug_decl(display_bound_defaults, SUDO_DEBUG_NSS) + debug_decl(display_bound_defaults, SUDO_DEBUG_NSS, sudoers_debug_instance) switch (dtype) { case DEFAULTS_HOST: @@ -685,7 +685,7 @@ sudo_file_display_cmnd(struct sudo_nss *nss, struct passwd *pw) struct userspec *us; int rval = 1; int host_match, runas_match, cmnd_match; - debug_decl(sudo_file_display_cmnd, SUDO_DEBUG_NSS) + debug_decl(sudo_file_display_cmnd, SUDO_DEBUG_NSS, sudoers_debug_instance) if (nss->handle == NULL) goto done; @@ -733,7 +733,7 @@ _print_member(struct sudo_lbuf *lbuf, char *name, int type, int negated, struct alias *a; struct member *m; struct sudo_command *c; - debug_decl(_print_member, SUDO_DEBUG_NSS) + debug_decl(_print_member, SUDO_DEBUG_NSS, sudoers_debug_instance) switch (type) { case ALL: diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index 6fdc4683a..0f81c0226 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -90,8 +90,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) char * const *cur; const char *p, *errstr, *groups = NULL; const char *remhost = NULL; + const char *plugin_path = NULL; + struct sudo_conf_debug_file_list debug_files = TAILQ_HEAD_INITIALIZER(debug_files); int flags = 0; - debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN) + debug_decl(sudoers_policy_deserialize_info, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) #define MATCHES(s, v) (strncmp(s, v, sizeof(v) - 1) == 0) @@ -153,6 +155,11 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) } continue; } + if (MATCHES(*cur, "debug_flags=")) { + sudoers_debug_parse_flags(&debug_files, + *cur + sizeof("debug_flags=") - 1); + continue; + } if (MATCHES(*cur, "runas_user=")) { *runas_user = *cur + sizeof("runas_user=") - 1; sudo_user.flags |= RUNAS_USER_SPECIFIED; @@ -269,6 +276,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) remhost = *cur + sizeof("remote_host=") - 1; continue; } + if (MATCHES(*cur, "plugin_path=")) { + plugin_path = *cur + sizeof("plugin_path=") - 1; + continue; + } } for (cur = info->user_info; *cur != NULL; cur++) { @@ -363,7 +374,10 @@ sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group) user_umask = umask(SUDO_UMASK); umask(user_umask); - /* Settings and user info debug. */ + /* Setup debugging if indicated. */ + sudoers_debug_register(&debug_files, plugin_path); + + /* Dump settings and user info (XXX - plugin args) */ for (cur = info->settings; *cur != NULL; cur++) sudo_debug_printf(SUDO_DEBUG_INFO, "settings: %s", *cur); for (cur = info->user_info; *cur != NULL; cur++) @@ -389,7 +403,7 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char **command_info; int info_len = 0; int rval = -1; - debug_decl(sudoers_policy_exec_setup, SUDO_DEBUG_PLUGIN) + debug_decl(sudoers_policy_exec_setup, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) /* Increase the length of command_info as needed, it is *not* checked. */ command_info = sudo_ecalloc(32, sizeof(char **)); @@ -524,7 +538,8 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, char * const user_info[], char * const envp[], char * const args[]) { struct sudoers_policy_open_info info; - debug_decl(sudoers_policy_open, SUDO_DEBUG_PLUGIN) + int prev_instance, rval; + debug_decl(sudoers_policy_open, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) sudo_version = version; sudo_conv = conversation; @@ -534,17 +549,25 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation, if (sudo_version < SUDO_API_MKVERSION(1, 2)) args = NULL; + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); + /* Call the sudoers init function. */ info.settings = settings; info.user_info = user_info; info.plugin_args = args; - debug_return_bool(sudoers_policy_init(&info, envp)); + rval = sudoers_policy_init(&info, envp); + + sudo_debug_set_default_instance(prev_instance); + debug_return_bool(rval); } static void sudoers_policy_close(int exit_status, int error_code) { - debug_decl(sudoers_policy_close, SUDO_DEBUG_PLUGIN) + int prev_instance; + debug_decl(sudoers_policy_close, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); /* We do not currently log the exit status. */ if (error_code) { @@ -575,6 +598,12 @@ sudoers_policy_close(int exit_status, int error_code) } sudo_efree(user_gids); user_gids = NULL; + sudo_debug_set_default_instance(prev_instance); + + if (sudoers_debug_instance != SUDO_DEBUG_INSTANCE_INITIALIZER) { + sudo_debug_deregister(sudoers_debug_instance); + sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + } debug_return; } @@ -587,13 +616,18 @@ sudoers_policy_close(int exit_status, int error_code) static int sudoers_policy_init_session(struct passwd *pwd, char **user_env[]) { - debug_decl(sudoers_policy_init_session, SUDO_DEBUG_PLUGIN) + int prev_instance, rval; + debug_decl(sudoers_policy_init_session, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); /* user_env is only specified for API version 1.2 and higher. */ if (sudo_version < SUDO_API_MKVERSION(1, 2)) user_env = NULL; - debug_return_bool(sudo_auth_begin_session(pwd, user_env)); + rval = sudo_auth_begin_session(pwd, user_env); + sudo_debug_set_default_instance(prev_instance); + debug_return_bool(rval); } static int @@ -601,9 +635,10 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], char **command_infop[], char **argv_out[], char **user_env_out[]) { struct sudoers_exec_args exec_args; - int rval; - debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN) + int prev_instance, rval; + debug_decl(sudoers_policy_check, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); if (!ISSET(sudo_mode, MODE_EDIT)) SET(sudo_mode, MODE_RUN); @@ -618,28 +653,37 @@ sudoers_policy_check(int argc, char * const argv[], char *env_add[], !sudo_auth_needs_end_session()) sudoers_policy.close = NULL; } + sudo_debug_set_default_instance(prev_instance); debug_return_bool(rval); } static int sudoers_policy_validate(void) { - debug_decl(sudoers_policy_validate, SUDO_DEBUG_PLUGIN) + int prev_instance, rval; + debug_decl(sudoers_policy_validate, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); user_cmnd = "validate"; SET(sudo_mode, MODE_VALIDATE); - debug_return_bool(sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL)); + rval = sudoers_policy_main(0, NULL, I_VERIFYPW, NULL, NULL); + sudo_debug_set_default_instance(prev_instance); + debug_return_bool(rval); } static void sudoers_policy_invalidate(int remove) { - debug_decl(sudoers_policy_invalidate, SUDO_DEBUG_PLUGIN) + int prev_instance; + debug_decl(sudoers_policy_invalidate, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); user_cmnd = "kill"; remove_timestamp(remove); sudoers_cleanup(); + sudo_debug_set_default_instance(prev_instance); debug_return; } @@ -648,8 +692,10 @@ static int sudoers_policy_list(int argc, char * const argv[], int verbose, const char *list_user) { - int rval; - debug_decl(sudoers_policy_list, SUDO_DEBUG_PLUGIN) + int prev_instance, rval = -1; + debug_decl(sudoers_policy_list, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); user_cmnd = "list"; if (argc) @@ -662,7 +708,7 @@ sudoers_policy_list(int argc, char * const argv[], int verbose, list_pw = sudo_getpwnam(list_user); if (list_pw == NULL) { sudo_warnx(U_("unknown user: %s"), list_user); - debug_return_bool(-1); + goto done; } } rval = sudoers_policy_main(argc, argv, I_LISTPW, NULL, NULL); @@ -671,13 +717,18 @@ sudoers_policy_list(int argc, char * const argv[], int verbose, list_pw = NULL; } +done: + sudo_debug_set_default_instance(prev_instance); debug_return_bool(rval); } static int sudoers_policy_version(int verbose) { - debug_decl(sudoers_policy_version, SUDO_DEBUG_PLUGIN) + int prev_instance; + debug_decl(sudoers_policy_version, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); sudo_printf(SUDO_CONV_INFO_MSG, _("Sudoers policy plugin version %s\n"), PACKAGE_VERSION); @@ -701,6 +752,7 @@ sudoers_policy_version(int verbose) sudo_printf(SUDO_CONV_INFO_MSG, "\n"); } } + sudo_debug_set_default_instance(prev_instance); debug_return_bool(true); } @@ -708,6 +760,10 @@ static void sudoers_policy_register_hooks(int version, int (*register_hook)(struct sudo_hook *hook)) { struct sudo_hook hook; + int prev_instance; + debug_decl(sudoers_policy_register_hooks, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) + + prev_instance = sudo_debug_set_default_instance(sudoers_debug_instance); memset(&hook, 0, sizeof(hook)); hook.hook_version = SUDO_HOOK_VERSION; @@ -727,6 +783,8 @@ sudoers_policy_register_hooks(int version, int (*register_hook)(struct sudo_hook hook.hook_type = SUDO_HOOK_PUTENV; hook.hook_fn = sudoers_hook_putenv; register_hook(&hook); + + sudo_debug_set_default_instance(prev_instance); } __dso_public struct policy_plugin sudoers_policy = { diff --git a/plugins/sudoers/prompt.c b/plugins/sudoers/prompt.c index 37cabf717..504a6b6a7 100644 --- a/plugins/sudoers/prompt.c +++ b/plugins/sudoers/prompt.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996,1998-2005, 2007-2013 + * Copyright (c) 1993-1996,1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -53,7 +53,7 @@ expand_prompt(const char *old_prompt, const char *auth_user) int subst; const char *p; char *np, *new_prompt, *endp; - debug_decl(expand_prompt, SUDO_DEBUG_AUTH) + debug_decl(expand_prompt, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* How much space do we need to malloc for the prompt? */ subst = 0; diff --git a/plugins/sudoers/pwutil.c b/plugins/sudoers/pwutil.c index 3dbc4a101..8ae2f15aa 100644 --- a/plugins/sudoers/pwutil.c +++ b/plugins/sudoers/pwutil.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2013 + * Copyright (c) 1996, 1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -91,7 +91,7 @@ cmp_pwnam(const void *v1, const void *v2) void sudo_pw_addref(struct passwd *pw) { - debug_decl(sudo_pw_addref, SUDO_DEBUG_NSS) + debug_decl(sudo_pw_addref, SUDO_DEBUG_NSS, sudoers_debug_instance) ptr_to_item(pw)->refcnt++; debug_return; } @@ -100,7 +100,7 @@ static void sudo_pw_delref_item(void *v) { struct cache_item *item = v; - debug_decl(sudo_pw_delref_item, SUDO_DEBUG_NSS) + debug_decl(sudo_pw_delref_item, SUDO_DEBUG_NSS, sudoers_debug_instance) if (--item->refcnt == 0) sudo_efree(item); @@ -111,7 +111,7 @@ sudo_pw_delref_item(void *v) void sudo_pw_delref(struct passwd *pw) { - debug_decl(sudo_pw_delref, SUDO_DEBUG_NSS) + debug_decl(sudo_pw_delref, SUDO_DEBUG_NSS, sudoers_debug_instance) sudo_pw_delref_item(ptr_to_item(pw)); debug_return; } @@ -124,7 +124,7 @@ sudo_getpwuid(uid_t uid) { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_getpwuid, SUDO_DEBUG_NSS) + debug_decl(sudo_getpwuid, SUDO_DEBUG_NSS, sudoers_debug_instance) key.k.uid = uid; if ((node = rbfind(pwcache_byuid, &key)) != NULL) { @@ -167,7 +167,7 @@ sudo_getpwnam(const char *name) struct cache_item key, *item; struct rbnode *node; size_t len; - debug_decl(sudo_getpwnam, SUDO_DEBUG_NSS) + debug_decl(sudo_getpwnam, SUDO_DEBUG_NSS, sudoers_debug_instance) key.k.name = (char *) name; if ((node = rbfind(pwcache_byname, &key)) != NULL) { @@ -215,7 +215,7 @@ sudo_mkpwent(const char *user, uid_t uid, gid_t gid, const char *home, struct rbnode *node; size_t len, name_len, home_len, shell_len; int i; - debug_decl(sudo_mkpwent, SUDO_DEBUG_NSS) + debug_decl(sudo_mkpwent, SUDO_DEBUG_NSS, sudoers_debug_instance) /* Optional arguments. */ if (home == NULL) @@ -278,7 +278,7 @@ sudo_fakepwnam(const char *user, gid_t gid) { const char *errstr; uid_t uid; - debug_decl(sudo_fakepwnam, SUDO_DEBUG_NSS) + debug_decl(sudo_fakepwnam, SUDO_DEBUG_NSS, sudoers_debug_instance) uid = (uid_t) sudo_strtoid(user + 1, NULL, NULL, &errstr); if (errstr != NULL) { @@ -292,7 +292,7 @@ sudo_fakepwnam(const char *user, gid_t gid) void sudo_setpwent(void) { - debug_decl(sudo_setpwent, SUDO_DEBUG_NSS) + debug_decl(sudo_setpwent, SUDO_DEBUG_NSS, sudoers_debug_instance) setpwent(); if (pwcache_byuid == NULL) @@ -306,7 +306,7 @@ sudo_setpwent(void) void sudo_freepwcache(void) { - debug_decl(sudo_freepwcache, SUDO_DEBUG_NSS) + debug_decl(sudo_freepwcache, SUDO_DEBUG_NSS, sudoers_debug_instance) if (pwcache_byuid != NULL) { rbdestroy(pwcache_byuid, sudo_pw_delref_item); @@ -323,7 +323,7 @@ sudo_freepwcache(void) void sudo_endpwent(void) { - debug_decl(sudo_endpwent, SUDO_DEBUG_NSS) + debug_decl(sudo_endpwent, SUDO_DEBUG_NSS, sudoers_debug_instance) endpwent(); sudo_freepwcache(); @@ -345,7 +345,7 @@ cmp_grgid(const void *v1, const void *v2) void sudo_gr_addref(struct group *gr) { - debug_decl(sudo_gr_addref, SUDO_DEBUG_NSS) + debug_decl(sudo_gr_addref, SUDO_DEBUG_NSS, sudoers_debug_instance) ptr_to_item(gr)->refcnt++; debug_return; } @@ -354,7 +354,7 @@ static void sudo_gr_delref_item(void *v) { struct cache_item *item = v; - debug_decl(sudo_gr_delref_item, SUDO_DEBUG_NSS) + debug_decl(sudo_gr_delref_item, SUDO_DEBUG_NSS, sudoers_debug_instance) if (--item->refcnt == 0) sudo_efree(item); @@ -365,7 +365,7 @@ sudo_gr_delref_item(void *v) void sudo_gr_delref(struct group *gr) { - debug_decl(sudo_gr_delref, SUDO_DEBUG_NSS) + debug_decl(sudo_gr_delref, SUDO_DEBUG_NSS, sudoers_debug_instance) sudo_gr_delref_item(ptr_to_item(gr)); debug_return; } @@ -378,7 +378,7 @@ sudo_getgrgid(gid_t gid) { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_getgrgid, SUDO_DEBUG_NSS) + debug_decl(sudo_getgrgid, SUDO_DEBUG_NSS, sudoers_debug_instance) key.k.gid = gid; if ((node = rbfind(grcache_bygid, &key)) != NULL) { @@ -415,7 +415,7 @@ sudo_getgrnam(const char *name) struct cache_item key, *item; struct rbnode *node; size_t len; - debug_decl(sudo_getgrnam, SUDO_DEBUG_NSS) + debug_decl(sudo_getgrnam, SUDO_DEBUG_NSS, sudoers_debug_instance) key.k.name = (char *) name; if ((node = rbfind(grcache_byname, &key)) != NULL) { @@ -456,7 +456,7 @@ sudo_fakegrnam(const char *group) struct rbnode *node; size_t len, name_len; int i; - debug_decl(sudo_fakegrnam, SUDO_DEBUG_NSS) + debug_decl(sudo_fakegrnam, SUDO_DEBUG_NSS, sudoers_debug_instance) name_len = strlen(group); len = sizeof(*gritem) + name_len + 1; @@ -501,7 +501,7 @@ sudo_fakegrnam(const char *group) void sudo_grlist_addref(struct group_list *grlist) { - debug_decl(sudo_gr_addref, SUDO_DEBUG_NSS) + debug_decl(sudo_gr_addref, SUDO_DEBUG_NSS, sudoers_debug_instance) ptr_to_item(grlist)->refcnt++; debug_return; } @@ -510,7 +510,7 @@ static void sudo_grlist_delref_item(void *v) { struct cache_item *item = v; - debug_decl(sudo_gr_delref_item, SUDO_DEBUG_NSS) + debug_decl(sudo_gr_delref_item, SUDO_DEBUG_NSS, sudoers_debug_instance) if (--item->refcnt == 0) sudo_efree(item); @@ -521,7 +521,7 @@ sudo_grlist_delref_item(void *v) void sudo_grlist_delref(struct group_list *grlist) { - debug_decl(sudo_gr_delref, SUDO_DEBUG_NSS) + debug_decl(sudo_gr_delref, SUDO_DEBUG_NSS, sudoers_debug_instance) sudo_grlist_delref_item(ptr_to_item(grlist)); debug_return; } @@ -529,7 +529,7 @@ sudo_grlist_delref(struct group_list *grlist) void sudo_setgrent(void) { - debug_decl(sudo_setgrent, SUDO_DEBUG_NSS) + debug_decl(sudo_setgrent, SUDO_DEBUG_NSS, sudoers_debug_instance) setgrent(); if (grcache_bygid == NULL) @@ -545,7 +545,7 @@ sudo_setgrent(void) void sudo_freegrcache(void) { - debug_decl(sudo_freegrcache, SUDO_DEBUG_NSS) + debug_decl(sudo_freegrcache, SUDO_DEBUG_NSS, sudoers_debug_instance) if (grcache_bygid != NULL) { rbdestroy(grcache_bygid, sudo_gr_delref_item); @@ -566,7 +566,7 @@ sudo_freegrcache(void) void sudo_endgrent(void) { - debug_decl(sudo_endgrent, SUDO_DEBUG_NSS) + debug_decl(sudo_endgrent, SUDO_DEBUG_NSS, sudoers_debug_instance) endgrent(); sudo_freegrcache(); @@ -580,7 +580,7 @@ sudo_get_grlist(const struct passwd *pw) struct cache_item key, *item; struct rbnode *node; size_t len; - debug_decl(sudo_get_grlist, SUDO_DEBUG_NSS) + debug_decl(sudo_get_grlist, SUDO_DEBUG_NSS, sudoers_debug_instance) key.k.name = pw->pw_name; if ((node = rbfind(grlist_cache, &key)) != NULL) { @@ -616,7 +616,7 @@ sudo_set_grlist(struct passwd *pw, char * const *groups, char * const *gids) { struct cache_item key, *item; struct rbnode *node; - debug_decl(sudo_set_grlist, SUDO_DEBUG_NSS) + debug_decl(sudo_set_grlist, SUDO_DEBUG_NSS, sudoers_debug_instance) /* * Cache group db entry if it doesn't already exist @@ -644,7 +644,7 @@ user_in_group(const struct passwd *pw, const char *group) const char *errstr; int i; bool matched = false; - debug_decl(user_in_group, SUDO_DEBUG_NSS) + debug_decl(user_in_group, SUDO_DEBUG_NSS, sudoers_debug_instance) if ((grlist = sudo_get_grlist(pw)) != NULL) { /* diff --git a/plugins/sudoers/pwutil_impl.c b/plugins/sudoers/pwutil_impl.c index 52aa1d2c1..d4025f899 100644 --- a/plugins/sudoers/pwutil_impl.c +++ b/plugins/sudoers/pwutil_impl.c @@ -88,7 +88,7 @@ sudo_make_pwitem(uid_t uid, const char *name) size_t nsize, psize, csize, gsize, dsize, ssize, total; struct cache_item_pw *pwitem; struct passwd *pw, *newpw; - debug_decl(sudo_make_pwitem, SUDO_DEBUG_NSS) + debug_decl(sudo_make_pwitem, SUDO_DEBUG_NSS, sudoers_debug_instance) /* Look up by name or uid. */ pw = name ? getpwnam(name) : getpwuid(uid); @@ -162,7 +162,7 @@ sudo_make_gritem(gid_t gid, const char *name) size_t nsize, psize, nmem, total, len; struct cache_item_gr *gritem; struct group *gr, *newgr; - debug_decl(sudo_make_gritem, SUDO_DEBUG_NSS) + debug_decl(sudo_make_gritem, SUDO_DEBUG_NSS, sudoers_debug_instance) /* Look up by name or gid. */ gr = name ? getgrnam(name) : getgrgid(gid); @@ -235,7 +235,7 @@ sudo_make_grlist_item(const struct passwd *pw, char * const *unused1, GETGROUPS_T *gids; struct group *grp; int i, ngids, groupname_len; - debug_decl(sudo_make_grlist_item, SUDO_DEBUG_NSS) + debug_decl(sudo_make_grlist_item, SUDO_DEBUG_NSS, sudoers_debug_instance) if (pw == sudo_user.pw && sudo_user.gids != NULL) { gids = user_gids; diff --git a/plugins/sudoers/redblack.c b/plugins/sudoers/redblack.c index 07149c6ab..951869254 100644 --- a/plugins/sudoers/redblack.c +++ b/plugins/sudoers/redblack.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004-2005, 2007, 2009-2013 + * Copyright (c) 2004-2005, 2007, 2009-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -54,9 +54,7 @@ # endif #endif /* STDC_HEADERS */ -#include "sudo_compat.h" -#include "sudo_alloc.h" -#include "sudo_debug.h" +#include "sudoers.h" #include "redblack.h" static void rbrepair(struct rbtree *, struct rbnode *); @@ -90,7 +88,7 @@ struct rbtree * rbcreate(int (*compar)(const void *, const void*)) { struct rbtree *tree; - debug_decl(rbcreate, SUDO_DEBUG_RBTREE) + debug_decl(rbcreate, SUDO_DEBUG_RBTREE, sudoers_debug_instance) tree = (struct rbtree *) sudo_emalloc(sizeof(*tree)); tree->compar = compar; @@ -121,7 +119,7 @@ static void rotate_left(struct rbtree *tree, struct rbnode *node) { struct rbnode *child; - debug_decl(rotate_left, SUDO_DEBUG_RBTREE) + debug_decl(rotate_left, SUDO_DEBUG_RBTREE, sudoers_debug_instance) child = node->right; node->right = child->left; @@ -147,7 +145,7 @@ static void rotate_right(struct rbtree *tree, struct rbnode *node) { struct rbnode *child; - debug_decl(rotate_right, SUDO_DEBUG_RBTREE) + debug_decl(rotate_right, SUDO_DEBUG_RBTREE, sudoers_debug_instance) child = node->left; node->left = child->right; @@ -177,7 +175,7 @@ rbinsert(struct rbtree *tree, void *data) struct rbnode *node = rbfirst(tree); struct rbnode *parent = rbroot(tree); int res; - debug_decl(rbinsert, SUDO_DEBUG_RBTREE) + debug_decl(rbinsert, SUDO_DEBUG_RBTREE, sudoers_debug_instance) /* Find correct insertion point. */ while (node != rbnil(tree)) { @@ -269,7 +267,7 @@ rbfind(struct rbtree *tree, void *key) { struct rbnode *node = rbfirst(tree); int res; - debug_decl(rbfind, SUDO_DEBUG_RBTREE) + debug_decl(rbfind, SUDO_DEBUG_RBTREE, sudoers_debug_instance) while (node != rbnil(tree)) { if ((res = tree->compar(key, node->data)) == 0) @@ -289,7 +287,7 @@ rbapply_node(struct rbtree *tree, struct rbnode *node, int (*func)(void *, void *), void *cookie, enum rbtraversal order) { int error; - debug_decl(rbapply_node, SUDO_DEBUG_RBTREE) + debug_decl(rbapply_node, SUDO_DEBUG_RBTREE, sudoers_debug_instance) if (node != rbnil(tree)) { if (order == preorder) @@ -316,7 +314,7 @@ static struct rbnode * rbsuccessor(struct rbtree *tree, struct rbnode *node) { struct rbnode *succ; - debug_decl(rbsuccessor, SUDO_DEBUG_RBTREE) + debug_decl(rbsuccessor, SUDO_DEBUG_RBTREE, sudoers_debug_instance) if ((succ = node->right) != rbnil(tree)) { while (succ->left != rbnil(tree)) @@ -337,7 +335,7 @@ rbsuccessor(struct rbtree *tree, struct rbnode *node) static void _rbdestroy(struct rbtree *tree, struct rbnode *node, void (*destroy)(void *)) { - debug_decl(_rbdestroy, SUDO_DEBUG_RBTREE) + debug_decl(_rbdestroy, SUDO_DEBUG_RBTREE, sudoers_debug_instance) if (node != rbnil(tree)) { _rbdestroy(tree, node->left, destroy); _rbdestroy(tree, node->right, destroy); @@ -355,7 +353,7 @@ _rbdestroy(struct rbtree *tree, struct rbnode *node, void (*destroy)(void *)) void rbdestroy(struct rbtree *tree, void (*destroy)(void *)) { - debug_decl(rbdestroy, SUDO_DEBUG_RBTREE) + debug_decl(rbdestroy, SUDO_DEBUG_RBTREE, sudoers_debug_instance) _rbdestroy(tree, rbfirst(tree), destroy); sudo_efree(tree); debug_return; @@ -368,7 +366,7 @@ void *rbdelete(struct rbtree *tree, struct rbnode *z) { struct rbnode *x, *y; void *data = z->data; - debug_decl(rbdelete, SUDO_DEBUG_RBTREE) + debug_decl(rbdelete, SUDO_DEBUG_RBTREE, sudoers_debug_instance) if (z->left == rbnil(tree) || z->right == rbnil(tree)) y = z; @@ -410,7 +408,7 @@ static void rbrepair(struct rbtree *tree, struct rbnode *node) { struct rbnode *sibling; - debug_decl(rbrepair, SUDO_DEBUG_RBTREE) + debug_decl(rbrepair, SUDO_DEBUG_RBTREE, sudoers_debug_instance) while (node->color == black && node != rbfirst(tree)) { if (node == node->parent->left) { diff --git a/plugins/sudoers/set_perms.c b/plugins/sudoers/set_perms.c index df27cb1ae..9510a7e80 100644 --- a/plugins/sudoers/set_perms.c +++ b/plugins/sudoers/set_perms.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1994-1996,1998-2013 Todd C. Miller + * Copyright (c) 1994-1996,1998-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -86,7 +86,7 @@ static int perm_stack_depth = 0; bool rewind_perms(void) { - debug_decl(rewind_perms, SUDO_DEBUG_PERMS) + debug_decl(rewind_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth != 0) { while (perm_stack_depth > 1) { @@ -116,7 +116,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDO_DEBUG_PERMS) + debug_decl(set_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); @@ -372,7 +372,7 @@ bool restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDO_DEBUG_PERMS) + debug_decl(restore_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -441,7 +441,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDO_DEBUG_PERMS) + debug_decl(set_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); @@ -711,7 +711,7 @@ bool restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDO_DEBUG_PERMS) + debug_decl(restore_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -844,7 +844,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDO_DEBUG_PERMS) + debug_decl(set_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); @@ -1070,7 +1070,7 @@ bool restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDO_DEBUG_PERMS) + debug_decl(restore_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -1141,7 +1141,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDO_DEBUG_PERMS) + debug_decl(set_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); @@ -1366,7 +1366,7 @@ bool restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDO_DEBUG_PERMS) + debug_decl(restore_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -1433,7 +1433,7 @@ set_perms(int perm) struct perm_state *state, *ostate = NULL; char errbuf[1024]; const char *errstr = errbuf; - debug_decl(set_perms, SUDO_DEBUG_PERMS) + debug_decl(set_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth == PERM_STACK_MAX) { errstr = N_("perm stack overflow"); @@ -1530,7 +1530,7 @@ boll restore_perms(void) { struct perm_state *state, *ostate; - debug_decl(restore_perms, SUDO_DEBUG_PERMS) + debug_decl(restore_perms, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (perm_stack_depth < 2) { sudo_warnx(U_("perm stack underflow")); @@ -1574,7 +1574,7 @@ runas_setgroups(void) { struct passwd *pw; struct group_list *grlist; - debug_decl(runas_setgroups, SUDO_DEBUG_PERMS) + debug_decl(runas_setgroups, SUDO_DEBUG_PERMS, sudoers_debug_instance) if (def_preserve_groups) { sudo_grlist_addref(user_group_list); diff --git a/plugins/sudoers/sssd.c b/plugins/sudoers/sssd.c index 86b77d363..e49527c92 100644 --- a/plugins/sudoers/sssd.c +++ b/plugins/sudoers/sssd.c @@ -124,7 +124,7 @@ static void sudo_sss_attrcpy(struct sss_sudo_attr *dst, const struct sss_sudo_attr *src) { unsigned int i; - debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_SSSD) + debug_decl(sudo_sss_attrcpy, SUDO_DEBUG_SSSD, sudoers_debug_instance) sudo_debug_printf(SUDO_DEBUG_DEBUG, "dst=%p, src=%p", dst, src); sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_emalloc: cnt=%d", src->num_values); @@ -143,7 +143,7 @@ static void sudo_sss_rulecpy(struct sss_sudo_rule *dst, const struct sss_sudo_rule *src) { unsigned int i; - debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_SSSD) + debug_decl(sudo_sss_rulecpy, SUDO_DEBUG_SSSD, sudoers_debug_instance) sudo_debug_printf(SUDO_DEBUG_DEBUG, "dst=%p, src=%p", dst, src); sudo_debug_printf(SUDO_DEBUG_INFO, "sudo_emalloc: cnt=%d", src->num_attrs); @@ -172,7 +172,7 @@ sudo_sss_filter_result(struct sudo_sss_handle *handle, struct sss_sudo_result *out_res; unsigned int i, l; int r; - debug_decl(sudo_sss_filter_result, SUDO_DEBUG_SSSD) + debug_decl(sudo_sss_filter_result, SUDO_DEBUG_SSSD, sudoers_debug_instance) sudo_debug_printf(SUDO_DEBUG_DEBUG, "in_res=%p, count=%u, act=%s", in_res, in_res ? in_res->num_rules : 0, @@ -240,7 +240,7 @@ static int sudo_sss_open(struct sudo_nss *nss) { struct sudo_sss_handle *handle; static const char path[] = _PATH_SSSD_LIB"/libsss_sudo.so"; - debug_decl(sudo_sss_open, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_open, SUDO_DEBUG_SSSD, sudoers_debug_instance); /* Create a handle container. */ handle = sudo_emalloc(sizeof(struct sudo_sss_handle)); @@ -306,7 +306,7 @@ static int sudo_sss_open(struct sudo_nss *nss) static int sudo_sss_close(struct sudo_nss *nss) { struct sudo_sss_handle *handle; - debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_close, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (nss && nss->handle) { handle = nss->handle; @@ -319,7 +319,7 @@ static int sudo_sss_close(struct sudo_nss *nss) // ok static int sudo_sss_parse(struct sudo_nss *nss) { - debug_decl(sudo_sss_parse, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_parse, SUDO_DEBUG_SSSD, sudoers_debug_instance); debug_return_int(0); } @@ -331,7 +331,7 @@ static int sudo_sss_setdefs(struct sudo_nss *nss) struct sss_sudo_rule *sss_rule; uint32_t sss_error; unsigned int i; - debug_decl(sudo_sss_setdefs, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_setdefs, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (handle == NULL) debug_return_int(-1); @@ -368,7 +368,7 @@ static int sudo_sss_setdefs(struct sudo_nss *nss) static int sudo_sss_checkpw(struct sudo_nss *nss, struct passwd *pw) { struct sudo_sss_handle *handle = nss->handle; - debug_decl(sudo_sss_checkpw, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_checkpw, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (pw->pw_name != handle->pw->pw_name || pw->pw_uid != handle->pw->pw_uid) { @@ -389,7 +389,7 @@ sudo_sss_check_runas_user(struct sudo_sss_handle *handle, struct sss_sudo_rule * char **val_array = NULL; char *val; int ret = false, i; - debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_check_runas_user, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (!runas_pw) debug_return_int(UNSPEC); @@ -492,7 +492,7 @@ sudo_sss_check_runas_group(struct sudo_sss_handle *handle, struct sss_sudo_rule char **val_array = NULL; char *val; int ret = false, i; - debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_check_runas_group, SUDO_DEBUG_SSSD, sudoers_debug_instance); /* runas_gr is only set if the user specified the -g flag */ if (!runas_gr) @@ -536,7 +536,7 @@ static bool sudo_sss_check_runas(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) { bool ret; - debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_check_runas, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (rule == NULL) debug_return_bool(false); @@ -553,7 +553,7 @@ sudo_sss_check_host(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule) char **val_array, *val; bool ret = false; int i; - debug_decl(sudo_sss_check_host, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_check_host, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (rule == NULL) debug_return_bool(ret); @@ -605,7 +605,7 @@ sudo_sss_filter_user_netgroup(struct sudo_sss_handle *handle, struct sss_sudo_ru bool ret = false, netgroup_spec_found = false; char **val_array, *val; int i; - debug_decl(sudo_sss_filter_user_netgroup, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_filter_user_netgroup, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (!handle || !rule) debug_return_bool(ret); @@ -645,7 +645,7 @@ sudo_sss_result_filterp(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, void *unused) { (void)unused; - debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_result_filterp, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (sudo_sss_check_host(handle, rule) && sudo_sss_filter_user_netgroup(handle, rule)) @@ -660,7 +660,7 @@ sudo_sss_result_get(struct sudo_nss *nss, struct passwd *pw, uint32_t *state) struct sudo_sss_handle *handle = nss->handle; struct sss_sudo_result *u_sss_result, *f_sss_result; uint32_t sss_error = 0, ret; - debug_decl(sudo_sss_result_get, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_result_get, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (sudo_sss_checkpw(nss, pw) != 0) debug_return_ptr(NULL); @@ -738,7 +738,7 @@ sudo_sss_check_bool(struct sudo_sss_handle *handle, struct sss_sudo_rule *rule, { char ch, *var, **val_array = NULL; int i, ret = UNSPEC; - debug_decl(sudo_sss_check_bool, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_check_bool, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (rule == NULL) debug_return_int(ret); @@ -780,7 +780,7 @@ sudo_sss_extract_digest(char **cmnd, struct sudo_digest *digest) { char *ep, *cp = *cmnd; int digest_type = SUDO_DIGEST_INVALID; - debug_decl(sudo_sss_check_command, SUDO_DEBUG_LDAP) + debug_decl(sudo_sss_check_command, SUDO_DEBUG_LDAP, sudoers_debug_instance) /* * Check for and extract a digest prefix, e.g. @@ -849,7 +849,7 @@ sudo_sss_check_command(struct sudo_sss_handle *handle, bool foundbang; unsigned int i; struct sudo_digest digest, *allowed_digest = NULL; - debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_check_command, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (rule == NULL) debug_return_int(ret); @@ -924,7 +924,7 @@ sudo_sss_parse_options(struct sudo_sss_handle *handle, struct sss_sudo_rule *rul int i; char op, *v, *val; char **val_array = NULL; - debug_decl(sudo_sss_parse_options, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_parse_options, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (rule == NULL) debug_return; @@ -982,7 +982,7 @@ sudo_sss_lookup(struct sudo_nss *nss, int ret, int pwflag) struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; uint32_t i, state = 0; - debug_decl(sudo_sss_lookup, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_lookup, SUDO_DEBUG_SSSD, sudoers_debug_instance); /* Fetch list of sudoRole entries that match user and host. */ sss_result = sudo_sss_result_get(nss, sudo_user.pw, &state); @@ -1103,7 +1103,7 @@ sudo_sss_display_cmnd(struct sudo_nss *nss, struct passwd *pw) struct sss_sudo_rule *rule; unsigned int i; bool found = false; - debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_display_cmnd, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (handle == NULL) goto done; @@ -1152,7 +1152,7 @@ sudo_sss_display_defaults(struct sudo_nss *nss, struct passwd *pw, char *prefix, *val, **val_array = NULL; unsigned int i, j; int count = 0; - debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_display_defaults, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (handle == NULL) goto done; @@ -1214,7 +1214,7 @@ static int sudo_sss_display_bound_defaults(struct sudo_nss *nss, struct passwd *pw, struct sudo_lbuf *lbuf) { - debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_display_bound_defaults, SUDO_DEBUG_SSSD, sudoers_debug_instance); debug_return_int(0); } @@ -1224,7 +1224,7 @@ sudo_sss_display_entry_long(struct sudo_sss_handle *handle, { char **val_array = NULL; int count = 0, i; - debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_display_entry_long, SUDO_DEBUG_SSSD, sudoers_debug_instance); /* get the RunAsUser Values from the entry */ sudo_lbuf_append(lbuf, " RunAsUsers: "); @@ -1319,7 +1319,7 @@ sudo_sss_display_entry_short(struct sudo_sss_handle *handle, { char **val_array = NULL; int count = 0, i; - debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_display_entry_short, SUDO_DEBUG_SSSD, sudoers_debug_instance); sudo_lbuf_append(lbuf, " ("); @@ -1432,7 +1432,7 @@ sudo_sss_display_privs(struct sudo_nss *nss, struct passwd *pw, struct sss_sudo_result *sss_result = NULL; struct sss_sudo_rule *rule; unsigned int i, count = 0; - debug_decl(sudo_sss_display_privs, SUDO_DEBUG_SSSD); + debug_decl(sudo_sss_display_privs, SUDO_DEBUG_SSSD, sudoers_debug_instance); if (handle == NULL) debug_return_int(-1); diff --git a/plugins/sudoers/sudo_nss.c b/plugins/sudoers/sudo_nss.c index e637eb9ab..a9c6d739b 100644 --- a/plugins/sudoers/sudo_nss.c +++ b/plugins/sudoers/sudo_nss.c @@ -80,7 +80,7 @@ sudo_read_nss(void) bool saw_files = false; bool got_match = false; static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); - debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) + debug_decl(sudo_read_nss, SUDO_DEBUG_NSS, sudoers_debug_instance) if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL) goto nomatch; @@ -158,7 +158,7 @@ sudo_read_nss(void) bool saw_ldap = false; bool got_match = false; static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); - debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) + debug_decl(sudo_read_nss, SUDO_DEBUG_NSS, sudoers_debug_instance) if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL) goto nomatch; @@ -239,7 +239,7 @@ struct sudo_nss_list * sudo_read_nss(void) { static struct sudo_nss_list snl = TAILQ_HEAD_INITIALIZER(snl); - debug_decl(sudo_read_nss, SUDO_DEBUG_NSS) + debug_decl(sudo_read_nss, SUDO_DEBUG_NSS, sudoers_debug_instance) # ifdef HAVE_SSSD TAILQ_INSERT_TAIL(&snl, &sudo_nss_sss, entries); @@ -261,7 +261,7 @@ output(const char *buf) { struct sudo_conv_message msg; struct sudo_conv_reply repl; - debug_decl(output, SUDO_DEBUG_NSS) + debug_decl(output, SUDO_DEBUG_NSS, sudoers_debug_instance) /* Call conversation function */ memset(&msg, 0, sizeof(msg)); @@ -284,7 +284,7 @@ display_privs(struct sudo_nss_list *snl, struct passwd *pw) struct sudo_lbuf defs, privs; struct stat sb; int cols, count, olen; - debug_decl(display_privs, SUDO_DEBUG_NSS) + debug_decl(display_privs, SUDO_DEBUG_NSS, sudoers_debug_instance) cols = sudo_user.cols; if (fstat(STDOUT_FILENO, &sb) == 0 && S_ISFIFO(sb.st_mode)) @@ -349,7 +349,7 @@ bool display_cmnd(struct sudo_nss_list *snl, struct passwd *pw) { struct sudo_nss *nss; - debug_decl(display_cmnd, SUDO_DEBUG_NSS) + debug_decl(display_cmnd, SUDO_DEBUG_NSS, sudoers_debug_instance) TAILQ_FOREACH(nss, snl, entries) { if (nss->display_cmnd(nss, pw) == 0) diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 8a3a84171..6d20ea513 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -120,7 +120,7 @@ sudoers_policy_init(void *info, char * const envp[]) volatile int sources = 0; struct sudo_nss *nss, *nss_next; int rval = -1; - debug_decl(sudoers_policy_init, SUDO_DEBUG_PLUGIN) + debug_decl(sudoers_policy_init, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) bindtextdomain("sudoers", LOCALEDIR); @@ -225,7 +225,7 @@ sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], struct sudo_nss *nss; int cmnd_status = -1, oldlocale, validated; volatile int rval = true; - debug_decl(sudoers_policy_main, SUDO_DEBUG_PLUGIN) + debug_decl(sudoers_policy_main, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) /* Is root even allowed to run sudo? */ if (user_uid == 0 && !def_root_sudo) { @@ -560,7 +560,7 @@ init_vars(char * const envp[]) { char * const * ep; bool unknown_user = false; - debug_decl(init_vars, SUDO_DEBUG_PLUGIN) + debug_decl(init_vars, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) sudoers_initlocale(setlocale(LC_ALL, NULL), def_sudoers_locale); @@ -641,7 +641,7 @@ set_cmnd(void) { int rval = FOUND; char *path = user_path; - debug_decl(set_cmnd, SUDO_DEBUG_PLUGIN) + debug_decl(set_cmnd, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) /* Allocate user_stat for find_path() and match functions. */ user_stat = sudo_ecalloc(1, sizeof(struct stat)); @@ -738,7 +738,7 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen) { struct stat sb; FILE *fp = NULL; - debug_decl(open_sudoers, SUDO_DEBUG_PLUGIN) + debug_decl(open_sudoers, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) if (!set_perms(PERM_SUDOERS)) debug_return_ptr(NULL); @@ -816,7 +816,7 @@ set_loginclass(struct passwd *pw) const int errflags = SLOG_RAW_MSG; login_cap_t *lc; bool rval = true; - debug_decl(set_loginclass, SUDO_DEBUG_PLUGIN) + debug_decl(set_loginclass, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) if (!def_use_loginclass) goto done; @@ -872,7 +872,7 @@ set_fqdn(void) { struct addrinfo *res0, hint; char *p; - debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN) + debug_decl(set_fqdn, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) memset(&hint, 0, sizeof(hint)); hint.ai_family = PF_UNSPEC; @@ -902,7 +902,7 @@ static bool set_runaspw(const char *user, bool quiet) { struct passwd *pw = NULL; - debug_decl(set_runaspw, SUDO_DEBUG_PLUGIN) + debug_decl(set_runaspw, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) if (*user == '#') { const char *errstr; @@ -933,7 +933,7 @@ static bool set_runasgr(const char *group, bool quiet) { struct group *gr = NULL; - debug_decl(set_runasgr, SUDO_DEBUG_PLUGIN) + debug_decl(set_runasgr, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) if (*group == '#') { const char *errstr; @@ -985,7 +985,7 @@ void sudoers_cleanup(void) { struct sudo_nss *nss; - debug_decl(sudoers_cleanup, SUDO_DEBUG_PLUGIN) + debug_decl(sudoers_cleanup, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) if (snl != NULL) { TAILQ_FOREACH(nss, snl, entries) { @@ -1006,7 +1006,7 @@ resolve_editor(const char *ed, size_t edlen, int nfiles, char **files, int *argc char *cp, **nargv, *editor, *editor_path = NULL; int ac, i, nargc; bool wasblank; - debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN) + debug_decl(resolve_editor, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) /* Note: editor becomes part of argv_out and is not freed. */ editor = sudo_emalloc(edlen + 1); @@ -1060,7 +1060,7 @@ find_editor(int nfiles, char **files, int *argc_out, char ***argv_out) const char *cp, *ep, *editor; char *editor_path = NULL, **ev, *ev0[4]; size_t len; - debug_decl(find_editor, SUDO_DEBUG_PLUGIN) + debug_decl(find_editor, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) /* * If any of SUDO_EDITOR, VISUAL or EDITOR are set, choose the first one. @@ -1101,7 +1101,7 @@ create_admin_success_flag(void) struct stat statbuf; char flagfile[PATH_MAX]; int fd, n; - debug_decl(create_admin_success_flag, SUDO_DEBUG_PLUGIN) + debug_decl(create_admin_success_flag, SUDO_DEBUG_PLUGIN, sudoers_debug_instance) /* Check whether the user is in the admin group. */ if (!user_in_group(sudo_user.pw, "admin")) diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h index 8f5b49afb..f7da9afbe 100644 --- a/plugins/sudoers/sudoers.h +++ b/plugins/sudoers/sudoers.h @@ -346,6 +346,11 @@ int sudoers_policy_init(void *info, char * const envp[]); int sudoers_policy_main(int argc, char * const argv[], int pwflag, char *env_add[], void *closure); void sudoers_cleanup(void); +/* sudoers_debug.c */ +void sudoers_debug_parse_flags(struct sudo_conf_debug_file_list *debug_files, const char *entry); +void sudoers_debug_register(struct sudo_conf_debug_file_list *debug_files, const char *plugin_path); +extern int sudoers_debug_instance; + /* policy.c */ int sudoers_policy_deserialize_info(void *v, char **runas_user, char **runas_group); int sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask, char *iolog_path, void *v); diff --git a/plugins/sudoers/sudoers_debug.c b/plugins/sudoers/sudoers_debug.c new file mode 100644 index 000000000..f4aec0921 --- /dev/null +++ b/plugins/sudoers/sudoers_debug.c @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2014 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif /* STDC_HEADERS */ +#ifdef HAVE_STDBOOL_H +# include +#else +# include "compat/stdbool.h" +#endif +#ifdef HAVE_STRING_H +# include +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include +#endif /* HAVE_STRINGS_H */ +#ifdef HAVE_UNISTD_H +# include +#endif /* HAVE_UNISTD_H */ +#include + +#include "sudoers.h" + +int sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; + +/* + * Parse the "filename flags,..." debug_flags entry and insert a new + * sudo_debug_file struct into debug_files. + */ +void +sudoers_debug_parse_flags(struct sudo_conf_debug_file_list *debug_files, + const char *entry) +{ + struct sudo_debug_file *debug_file; + const char *filename, *flags; + size_t namelen; + + /* Already initialized? */ + if (sudoers_debug_instance != SUDO_DEBUG_INSTANCE_INITIALIZER) + return; + + /* Process new-style debug flags: filename flags,... */ + filename = entry; + if (*filename != '/' || (flags = strpbrk(filename, " \t")) == NULL) + return; + namelen = (size_t)(flags - filename); + while (isblank((unsigned char)*flags)) + flags++; + if (*flags == '\0') + return; + + debug_file = sudo_emalloc(sizeof(*debug_file)); + debug_file->debug_file = sudo_estrndup(filename, namelen); + debug_file->debug_flags = sudo_estrdup(flags); + TAILQ_INSERT_TAIL(debug_files, debug_file, entries); +} + +/* + * Register the specified debug files and plugin_path with the + * debug subsystem. + */ +void +sudoers_debug_register(struct sudo_conf_debug_file_list *debug_files, + const char *plugin_path) +{ + struct sudo_debug_file *debug_file, *debug_next; + + /* Setup debugging if indicated. */ + if (!TAILQ_EMPTY(debug_files)) { + if (plugin_path != NULL) { + sudoers_debug_instance = + sudo_debug_register(plugin_path, NULL, 0, debug_files); + } + TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { + TAILQ_REMOVE(debug_files, debug_file, entries); + sudo_efree(debug_file->debug_file); + sudo_efree(debug_file->debug_flags); + sudo_efree(debug_file); + } + } +} diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index ea5501fdd..2c194ac11 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -236,7 +236,7 @@ main(int argc, char *argv[]) char *cp, *ep, path[PATH_MAX]; struct log_info *li; double max_wait = 0; - debug_decl(main, SUDO_DEBUG_MAIN) + debug_decl(main, SUDO_DEBUG_MAIN, SUDO_DEBUG_INSTANCE_DEFAULT) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) { @@ -385,7 +385,7 @@ replay_session(const double max_wait, const char *decimal) char buf[LINE_MAX]; sigaction_t sa; int idx; - debug_decl(replay_session, SUDO_DEBUG_UTIL) + debug_decl(replay_session, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) /* Restore tty settings if interupted. */ fflush(stdout); @@ -553,7 +553,7 @@ replay_session(const double max_wait, const char *decimal) static int open_io_fd(char *path, int len, struct io_log_file *iol) { - debug_decl(open_io_fd, SUDO_DEBUG_UTIL) + debug_decl(open_io_fd, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (!iol->enabled) debug_return_int(0); @@ -575,7 +575,7 @@ write_output(int fd, int what, void *v) ssize_t nwritten; size_t count, remainder; unsigned int i; - debug_decl(write_output, SUDO_DEBUG_UTIL) + debug_decl(write_output, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) nwritten = writev(STDOUT_FILENO, wc->iov, wc->iovcnt); switch (nwritten) { @@ -628,7 +628,7 @@ parse_expr(struct search_node_list *head, char *argv[], bool sub_expr) bool or = false, not = false; struct search_node *sn; char type, **av; - debug_decl(parse_expr, SUDO_DEBUG_UTIL) + debug_decl(parse_expr, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) for (av = argv; *av != NULL; av++) { switch (av[0][0]) { @@ -747,7 +747,7 @@ match_expr(struct search_node_list *head, struct log_info *log, bool last_match) struct search_node *sn; bool res, matched = last_match; int rc; - debug_decl(match_expr, SUDO_DEBUG_UTIL) + debug_decl(match_expr, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) STAILQ_FOREACH(sn, head, entries) { switch (sn->type) { @@ -808,7 +808,7 @@ parse_logfile(char *logfile) const char *errstr; size_t bufsize = 0, cwdsize = 0, cmdsize = 0; struct log_info *li = NULL; - debug_decl(parse_logfile, SUDO_DEBUG_UTIL) + debug_decl(parse_logfile, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) fp = fopen(logfile, "r"); if (fp == NULL) { @@ -940,7 +940,7 @@ list_session(char *logfile, REGEX_T *re, const char *user, const char *tty) const char *timestr; struct log_info *li; int rval = -1; - debug_decl(list_session, SUDO_DEBUG_UTIL) + debug_decl(list_session, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if ((li = parse_logfile(logfile)) == NULL) goto done; @@ -1005,7 +1005,7 @@ find_sessions(const char *dir, REGEX_T *re, const char *user, const char *tty) #else const bool checked_type = false; #endif - debug_decl(find_sessions, SUDO_DEBUG_UTIL) + debug_decl(find_sessions, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) d = opendir(dir); if (d == NULL) @@ -1079,7 +1079,7 @@ list_sessions(int argc, char **argv, const char *pattern, const char *user, const char *tty) { REGEX_T rebuf, *re = NULL; - debug_decl(list_sessions, SUDO_DEBUG_UTIL) + debug_decl(list_sessions, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) /* Parse search expression if present */ parse_expr(&search_expr, argv, false); @@ -1110,7 +1110,7 @@ check_input(int fd, int what, void *v) struct timeval tv, *timeout = NULL; static bool paused = 0; char ch; - debug_decl(check_input, SUDO_DEBUG_UTIL) + debug_decl(check_input, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) if (ISSET(what, SUDO_EV_READ)) { switch (read(fd, &ch, 1)) { @@ -1174,7 +1174,7 @@ parse_timing(const char *buf, const char *decimal, int *idx, double *seconds, long l; double d, fract = 0; char *cp, *ep; - debug_decl(parse_timing, SUDO_DEBUG_UTIL) + debug_decl(parse_timing, SUDO_DEBUG_UTIL, SUDO_DEBUG_INSTANCE_DEFAULT) /* Parse index */ ul = strtoul(buf, &ep, 10); diff --git a/plugins/sudoers/testsudoers.c b/plugins/sudoers/testsudoers.c index c182d1416..f23f39713 100644 --- a/plugins/sudoers/testsudoers.c +++ b/plugins/sudoers/testsudoers.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2013 + * Copyright (c) 1996, 1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -101,6 +101,7 @@ extern int (*trace_print)(const char *msg); */ struct sudo_user sudo_user; struct passwd *list_pw; +int sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; static char *runas_group, *runas_user; #if defined(SUDO_DEVEL) && defined(__OpenBSD__) @@ -123,7 +124,7 @@ main(int argc, char *argv[]) const char *errstr; int match, host_match, runas_match, cmnd_match; int ch, dflag, exitcode = 0; - debug_decl(main, SUDO_DEBUG_MAIN) + debug_decl(main, SUDO_DEBUG_MAIN, sudoers_debug_instance) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) malloc_options = "AFGJPR"; @@ -348,7 +349,7 @@ static void set_runaspw(const char *user) { struct passwd *pw = NULL; - debug_decl(set_runaspw, SUDO_DEBUG_UTIL) + debug_decl(set_runaspw, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (*user == '#') { const char *errstr; @@ -372,7 +373,7 @@ static void set_runasgr(const char *group) { struct group *gr = NULL; - debug_decl(set_runasgr, SUDO_DEBUG_UTIL) + debug_decl(set_runasgr, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (*group == '#') { const char *errstr; @@ -422,7 +423,7 @@ open_sudoers(const char *sudoers, bool doedit, bool *keepopen) struct stat sb; FILE *fp = NULL; char *sudoers_base; - debug_decl(open_sudoers, SUDO_DEBUG_UTIL) + debug_decl(open_sudoers, SUDO_DEBUG_UTIL, sudoers_debug_instance) sudoers_base = strrchr(sudoers, '/'); if (sudoers_base != NULL) @@ -479,7 +480,7 @@ void print_member(struct member *m) { struct sudo_command *c; - debug_decl(print_member, SUDO_DEBUG_UTIL) + debug_decl(print_member, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (m->negated) putchar('!'); @@ -501,7 +502,7 @@ print_defaults(void) { struct defaults *d; struct member *m; - debug_decl(print_defaults, SUDO_DEBUG_UTIL) + debug_decl(print_defaults, SUDO_DEBUG_UTIL, sudoers_debug_instance) TAILQ_FOREACH(d, &defaults, entries) { (void) fputs("Defaults", stdout); @@ -540,7 +541,7 @@ print_alias(void *v1, void *v2) struct alias *a = (struct alias *)v1; struct member *m; struct sudo_command *c; - debug_decl(print_alias, SUDO_DEBUG_UTIL) + debug_decl(print_alias, SUDO_DEBUG_UTIL, sudoers_debug_instance) switch (a->type) { case HOSTALIAS: @@ -579,7 +580,7 @@ print_privilege(struct privilege *priv) struct cmndspec *cs; struct member *m; struct cmndtag tags; - debug_decl(print_privilege, SUDO_DEBUG_UTIL) + debug_decl(print_privilege, SUDO_DEBUG_UTIL, sudoers_debug_instance) TAILQ_FOREACH(m, &priv->hostlist, entries) { if (m != TAILQ_FIRST(&priv->hostlist)) @@ -643,7 +644,7 @@ print_userspecs(void) struct member *m; struct userspec *us; struct privilege *priv; - debug_decl(print_userspecs, SUDO_DEBUG_UTIL) + debug_decl(print_userspecs, SUDO_DEBUG_UTIL, sudoers_debug_instance) TAILQ_FOREACH(us, &userspecs, entries) { TAILQ_FOREACH(m, &us->users, entries) { @@ -665,7 +666,7 @@ print_userspecs(void) void dump_sudoers(void) { - debug_decl(dump_sudoers, SUDO_DEBUG_UTIL) + debug_decl(dump_sudoers, SUDO_DEBUG_UTIL, sudoers_debug_instance) print_defaults(); diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c index 09cb34c41..fadad7978 100644 --- a/plugins/sudoers/timestamp.c +++ b/plugins/sudoers/timestamp.c @@ -70,7 +70,7 @@ static struct timestamp_entry timestamp_key; static bool ts_match_record(struct timestamp_entry *key, struct timestamp_entry *entry) { - debug_decl(ts_match_record, SUDO_DEBUG_AUTH) + debug_decl(ts_match_record, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (entry->version != key->version) debug_return_bool(false); @@ -110,7 +110,7 @@ static bool ts_find_record(int fd, struct timestamp_entry *key, struct timestamp_entry *entry) { struct timestamp_entry cur; - debug_decl(ts_find_record, SUDO_DEBUG_AUTH) + debug_decl(ts_find_record, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* * Look for a matching record. @@ -145,7 +145,7 @@ ts_update_record(int fd, struct timestamp_entry *entry, off_t timestamp_hint) struct timestamp_entry cur; ssize_t nwritten; off_t old_eof = (off_t)-1; - debug_decl(ts_update_record, SUDO_DEBUG_AUTH) + debug_decl(ts_update_record, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* First try the hint if one is given. */ if (timestamp_hint != (off_t)-1) { @@ -215,7 +215,7 @@ ts_mkdirs(char *path, uid_t owner, mode_t mode, mode_t parent_mode, bool quiet) gid_t parent_gid = 0; char *slash = path; bool rval = false; - debug_decl(ts_mkdirs, SUDO_DEBUG_AUTH) + debug_decl(ts_mkdirs, SUDO_DEBUG_AUTH, sudoers_debug_instance) while ((slash = strchr(slash + 1, '/')) != NULL) { *slash = '\0'; @@ -265,7 +265,7 @@ ts_secure_dir(char *path, bool make_it, bool quiet) { struct stat sb; bool rval = false; - debug_decl(ts_secure_dir, SUDO_DEBUG_AUTH) + debug_decl(ts_secure_dir, SUDO_DEBUG_AUTH, sudoers_debug_instance) sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "checking %s", path); switch (sudo_secure_dir(path, timestamp_uid, -1, &sb)) { @@ -309,7 +309,7 @@ int build_timestamp(struct passwd *pw) { int len; - debug_decl(build_timestamp, SUDO_DEBUG_AUTH) + debug_decl(build_timestamp, SUDO_DEBUG_AUTH, sudoers_debug_instance) len = snprintf(timestamp_file, sizeof(timestamp_file), "%s/%s", def_timestampdir, user_name); @@ -333,7 +333,7 @@ update_timestamp(struct passwd *pw) bool uid_changed = false; bool rval = false; int fd; - debug_decl(update_timestamp, SUDO_DEBUG_AUTH) + debug_decl(update_timestamp, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Zero timeout means don't update the time stamp file. */ if (def_timestamp_timeout == 0) @@ -382,7 +382,7 @@ timestamp_status(struct passwd *pw) int status = TS_ERROR; /* assume the worst */ struct stat sb; int fd = -1; - debug_decl(timestamp_status, SUDO_DEBUG_AUTH) + debug_decl(timestamp_status, SUDO_DEBUG_AUTH, sudoers_debug_instance) /* Reset time stamp offset hint. */ timestamp_hint = (off_t)-1; @@ -533,7 +533,7 @@ remove_timestamp(bool unlink_it) struct timestamp_entry entry; bool uid_changed = false; int fd = -1; - debug_decl(remove_timestamp, SUDO_DEBUG_AUTH) + debug_decl(remove_timestamp, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (build_timestamp(NULL) == -1) debug_return; @@ -602,7 +602,7 @@ already_lectured(int unused) char status_file[PATH_MAX]; struct stat sb; int len; - debug_decl(already_lectured, SUDO_DEBUG_AUTH) + debug_decl(already_lectured, SUDO_DEBUG_AUTH, sudoers_debug_instance) if (ts_secure_dir(def_lecture_status_dir, false, true)) { len = snprintf(status_file, sizeof(status_file), "%s/%s", @@ -626,7 +626,7 @@ set_lectured(void) char lecture_status[PATH_MAX]; bool uid_changed = false; int len, fd = -1; - debug_decl(set_lectured, SUDO_DEBUG_AUTH) + debug_decl(set_lectured, SUDO_DEBUG_AUTH, sudoers_debug_instance) len = snprintf(lecture_status, sizeof(lecture_status), "%s/%s", def_lecture_status_dir, user_name); diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 5f0bdb0c3..42fd6dfe5 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -4030,7 +4030,7 @@ read_dir_files(const char *dirpath, struct path_list ***pathsp) int max_paths = 32; struct dirent *dent; struct path_list **paths = NULL; - debug_decl(read_dir_files, SUDO_DEBUG_PARSER) + debug_decl(read_dir_files, SUDO_DEBUG_PARSER, sudoers_debug_instance) dir = opendir(dirpath); if (dir == NULL) { @@ -4105,7 +4105,7 @@ switch_dir(struct include_stack *stack, char *dirpath) { struct path_list **paths = NULL; int count, i; - debug_decl(switch_dir, SUDO_DEBUG_PARSER) + debug_decl(switch_dir, SUDO_DEBUG_PARSER, sudoers_debug_instance) count = read_dir_files(dirpath, &paths); if (count > 0) { @@ -4133,7 +4133,7 @@ void init_lexer(void) { struct path_list *pl; - debug_decl(init_lexer, SUDO_DEBUG_PARSER) + debug_decl(init_lexer, SUDO_DEBUG_PARSER, sudoers_debug_instance) while (idepth) { idepth--; @@ -4164,7 +4164,7 @@ _push_include(char *path, bool isdir) { struct path_list *pl; FILE *fp; - debug_decl(_push_include, SUDO_DEBUG_PARSER) + debug_decl(_push_include, SUDO_DEBUG_PARSER, sudoers_debug_instance) /* push current state onto stack */ if (idepth >= istacksize) { @@ -4265,7 +4265,7 @@ pop_include(void) { struct path_list *pl; FILE *fp; - debug_decl(pop_include, SUDO_DEBUG_PARSER) + debug_decl(pop_include, SUDO_DEBUG_PARSER, sudoers_debug_instance) if (idepth == 0) debug_return_bool(false); @@ -4307,7 +4307,7 @@ parse_include(char *base) char *cp, *ep, *path, *pp; int dirlen = 0, len = 0, subst = 0; size_t shost_len = 0; - debug_decl(parse_include, SUDO_DEBUG_PARSER) + debug_decl(parse_include, SUDO_DEBUG_PARSER, sudoers_debug_instance) /* Pull out path from #include line. */ cp = base + sizeof("#include"); diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index c08a64ed6..58bdc882d 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -771,7 +771,7 @@ read_dir_files(const char *dirpath, struct path_list ***pathsp) int max_paths = 32; struct dirent *dent; struct path_list **paths = NULL; - debug_decl(read_dir_files, SUDO_DEBUG_PARSER) + debug_decl(read_dir_files, SUDO_DEBUG_PARSER, sudoers_debug_instance) dir = opendir(dirpath); if (dir == NULL) { @@ -846,7 +846,7 @@ switch_dir(struct include_stack *stack, char *dirpath) { struct path_list **paths = NULL; int count, i; - debug_decl(switch_dir, SUDO_DEBUG_PARSER) + debug_decl(switch_dir, SUDO_DEBUG_PARSER, sudoers_debug_instance) count = read_dir_files(dirpath, &paths); if (count > 0) { @@ -874,7 +874,7 @@ void init_lexer(void) { struct path_list *pl; - debug_decl(init_lexer, SUDO_DEBUG_PARSER) + debug_decl(init_lexer, SUDO_DEBUG_PARSER, sudoers_debug_instance) while (idepth) { idepth--; @@ -905,7 +905,7 @@ _push_include(char *path, bool isdir) { struct path_list *pl; FILE *fp; - debug_decl(_push_include, SUDO_DEBUG_PARSER) + debug_decl(_push_include, SUDO_DEBUG_PARSER, sudoers_debug_instance) /* push current state onto stack */ if (idepth >= istacksize) { @@ -1006,7 +1006,7 @@ pop_include(void) { struct path_list *pl; FILE *fp; - debug_decl(pop_include, SUDO_DEBUG_PARSER) + debug_decl(pop_include, SUDO_DEBUG_PARSER, sudoers_debug_instance) if (idepth == 0) debug_return_bool(false); @@ -1048,7 +1048,7 @@ parse_include(char *base) char *cp, *ep, *path, *pp; int dirlen = 0, len = 0, subst = 0; size_t shost_len = 0; - debug_decl(parse_include, SUDO_DEBUG_PARSER) + debug_decl(parse_include, SUDO_DEBUG_PARSER, sudoers_debug_instance) /* Pull out path from #include line. */ cp = base + sizeof("#include"); diff --git a/plugins/sudoers/toke_util.c b/plugins/sudoers/toke_util.c index 38cc23822..c9d88780b 100644 --- a/plugins/sudoers/toke_util.c +++ b/plugins/sudoers/toke_util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2013 + * Copyright (c) 1996, 1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -61,7 +61,7 @@ fill_txt(const char *src, int len, int olen) { char *dst; int h; - debug_decl(fill_txt, SUDO_DEBUG_PARSER) + debug_decl(fill_txt, SUDO_DEBUG_PARSER, sudoers_debug_instance) dst = olen ? realloc(sudoerslval.string, olen + len + 1) : malloc(len + 1); if (dst == NULL) { @@ -96,7 +96,7 @@ bool append(const char *src, int len) { int olen = 0; - debug_decl(append, SUDO_DEBUG_PARSER) + debug_decl(append, SUDO_DEBUG_PARSER, sudoers_debug_instance) if (sudoerslval.string != NULL) olen = strlen(sudoerslval.string); @@ -112,7 +112,7 @@ fill_cmnd(const char *src, int len) { char *dst; int i; - debug_decl(fill_cmnd, SUDO_DEBUG_PARSER) + debug_decl(fill_cmnd, SUDO_DEBUG_PARSER, sudoers_debug_instance) arg_len = arg_size = 0; @@ -141,7 +141,7 @@ fill_args(const char *s, int len, int addspace) { int new_len; char *p; - debug_decl(fill_args, SUDO_DEBUG_PARSER) + debug_decl(fill_args, SUDO_DEBUG_PARSER, sudoers_debug_instance) if (sudoerslval.command.args == NULL) { addspace = 0; @@ -188,7 +188,7 @@ bool ipv6_valid(const char *s) { int nmatch = 0; - debug_decl(ipv6_valid, SUDO_DEBUG_PARSER) + debug_decl(ipv6_valid, SUDO_DEBUG_PARSER, sudoers_debug_instance) for (; *s != '\0'; s++) { if (s[0] == ':' && s[1] == ':') { diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c index 6ce93ad9e..01f906e39 100644 --- a/plugins/sudoers/visudo.c +++ b/plugins/sudoers/visudo.c @@ -124,6 +124,7 @@ extern void sudoersrestart(FILE *); */ struct sudo_user sudo_user; struct passwd *list_pw; +int sudoers_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; static struct sudoersfile_list sudoerslist = TAILQ_HEAD_INITIALIZER(sudoerslist); static struct rbtree *alias_freelist; static bool checkonly; @@ -149,7 +150,7 @@ main(int argc, char *argv[]) int ch, exitcode = 0; bool quiet, strict, oldperms; const char *export_path; - debug_decl(main, SUDO_DEBUG_MAIN) + debug_decl(main, SUDO_DEBUG_MAIN, sudoers_debug_instance) #if defined(SUDO_DEVEL) && defined(__OpenBSD__) { @@ -321,7 +322,7 @@ edit_sudoers(struct sudoersfile *sp, char *editor, char *args, int lineno) ssize_t nread; /* number of bytes read */ struct stat sb; /* stat buffer */ bool rval = false; /* return value */ - debug_decl(edit_sudoers, SUDO_DEBUG_UTIL) + debug_decl(edit_sudoers, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (fstat(sp->fd, &sb) == -1) sudo_fatal(U_("unable to stat %s"), sp->path); @@ -479,7 +480,7 @@ reparse_sudoers(char *editor, char *args, bool strict, bool quiet) struct sudoersfile *sp, *last; FILE *fp; int ch; - debug_decl(reparse_sudoers, SUDO_DEBUG_UTIL) + debug_decl(reparse_sudoers, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* * Parse the edited sudoers files and do sanity checking @@ -566,7 +567,7 @@ install_sudoers(struct sudoersfile *sp, bool oldperms) { struct stat sb; bool rval = false; - debug_decl(install_sudoers, SUDO_DEBUG_UTIL) + debug_decl(install_sudoers, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (!sp->modified) { /* @@ -706,7 +707,7 @@ static int whatnow(void) { int choice, c; - debug_decl(whatnow, SUDO_DEBUG_UTIL) + debug_decl(whatnow, SUDO_DEBUG_UTIL, sudoers_debug_instance) for (;;) { (void) fputs(_("What now? "), stdout); @@ -738,7 +739,7 @@ static void setup_signals(void) { sigaction_t sa; - debug_decl(setup_signals, SUDO_DEBUG_UTIL) + debug_decl(setup_signals, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* * Setup signal handlers to cleanup nicely. @@ -760,7 +761,7 @@ run_command(char *path, char **argv) { int status; pid_t pid, rv; - debug_decl(run_command, SUDO_DEBUG_UTIL) + debug_decl(run_command, SUDO_DEBUG_UTIL, sudoers_debug_instance) switch (pid = sudo_debug_fork()) { case -1: @@ -790,7 +791,7 @@ check_owner(const char *path, bool quiet) { struct stat sb; bool ok = true; - debug_decl(check_owner, SUDO_DEBUG_UTIL) + debug_decl(check_owner, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (stat(path, &sb) == 0) { if (sb.st_uid != SUDOERS_UID || sb.st_gid != SUDOERS_GID) { @@ -816,7 +817,7 @@ static bool check_syntax(char *sudoers_path, bool quiet, bool strict, bool oldperms) { bool ok = false; - debug_decl(check_syntax, SUDO_DEBUG_UTIL) + debug_decl(check_syntax, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (strcmp(sudoers_path, "-") == 0) { sudoersin = stdin; @@ -884,7 +885,7 @@ open_sudoers(const char *path, bool doedit, bool *keepopen) struct sudoersfile *entry; FILE *fp; int open_flags; - debug_decl(open_sudoers, SUDO_DEBUG_UTIL) + debug_decl(open_sudoers, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (checkonly) open_flags = O_RDONLY; @@ -933,7 +934,7 @@ static char * get_editor(char **args) { char *Editor, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs; - debug_decl(get_editor, SUDO_DEBUG_UTIL) + debug_decl(get_editor, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* * Check VISUAL and EDITOR environment variables to see which editor @@ -1037,7 +1038,7 @@ static char * get_args(char *cmnd) { char *args; - debug_decl(get_args, SUDO_DEBUG_UTIL) + debug_decl(get_args, SUDO_DEBUG_UTIL, sudoers_debug_instance) args = cmnd; while (*args && !isblank((unsigned char) *args)) @@ -1057,7 +1058,7 @@ static void get_hostname(void) { char *p, thost[HOST_NAME_MAX + 1]; - debug_decl(get_hostname, SUDO_DEBUG_UTIL) + debug_decl(get_hostname, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (gethostname(thost, sizeof(thost)) != -1) { thost[sizeof(thost) - 1] = '\0'; @@ -1084,7 +1085,7 @@ alias_remove_recursive(char *name, int type) struct member *m; struct alias *a; bool rval = true; - debug_decl(alias_remove_recursive, SUDO_DEBUG_ALIAS) + debug_decl(alias_remove_recursive, SUDO_DEBUG_ALIAS, sudoers_debug_instance) if ((a = alias_remove(name, type)) != NULL) { TAILQ_FOREACH(m, &a->members, entries) { @@ -1114,7 +1115,7 @@ check_alias(char *name, int type, int strict, int quiet) struct member *m; struct alias *a; int errors = 0; - debug_decl(check_alias, SUDO_DEBUG_ALIAS) + debug_decl(check_alias, SUDO_DEBUG_ALIAS, sudoers_debug_instance) if ((a = alias_get(name, type)) != NULL) { /* check alias contents */ @@ -1156,7 +1157,7 @@ check_aliases(bool strict, bool quiet) struct userspec *us; struct defaults *d; int atype, errors = 0; - debug_decl(check_aliases, SUDO_DEBUG_ALIAS) + debug_decl(check_aliases, SUDO_DEBUG_ALIAS, sudoers_debug_instance) alias_freelist = rbcreate(alias_compare); diff --git a/plugins/sudoers/visudo_json.c b/plugins/sudoers/visudo_json.c index cca898ecb..3ddb57a2a 100644 --- a/plugins/sudoers/visudo_json.c +++ b/plugins/sudoers/visudo_json.c @@ -162,7 +162,7 @@ static void print_pair_json(FILE *fp, const char *pre, const char *name, const struct json_value *value, const char *post, int indent) { - debug_decl(print_pair_json, SUDO_DEBUG_UTIL) + debug_decl(print_pair_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) print_indent(fp, indent); @@ -215,7 +215,7 @@ static void printstr_json(FILE *fp, const char *pre, const char *str, const char *post, int indent) { - debug_decl(printstr_json, SUDO_DEBUG_UTIL) + debug_decl(printstr_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) print_indent(fp, indent); if (pre != NULL) @@ -239,7 +239,7 @@ print_command_json(FILE *fp, struct member *m, int indent, bool last_one) struct sudo_command *c = (struct sudo_command *)m->name; struct json_value value; const char *digest_name; - debug_decl(print_command_json, SUDO_DEBUG_UTIL) + debug_decl(print_command_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) printstr_json(fp, "{", NULL, NULL, indent); if (m->negated || c->digest != NULL) { @@ -362,7 +362,7 @@ print_member_json(FILE *fp, struct member *m, enum word_type word_type, const char *typestr; const char *errstr; id_t id; - debug_decl(print_member_json, SUDO_DEBUG_UTIL) + debug_decl(print_member_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* Most of the time we print a string. */ value.type = JSON_STRING; @@ -494,7 +494,7 @@ print_alias_json(void *v1, void *v2) struct alias *a = v1; struct json_alias_closure *closure = v2; struct member *m; - debug_decl(print_alias_json, SUDO_DEBUG_UTIL) + debug_decl(print_alias_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (a->type != closure->alias_type) debug_return_int(0); @@ -527,7 +527,7 @@ static void print_binding_json(FILE *fp, struct member_list *binding, int type, int indent) { struct member *m; - debug_decl(print_binding_json, SUDO_DEBUG_UTIL) + debug_decl(print_binding_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (TAILQ_EMPTY(binding)) debug_return; @@ -555,7 +555,7 @@ print_defaults_list_json(FILE *fp, struct defaults *def, int indent) { char savech, *start, *end = def->val; struct json_value value; - debug_decl(print_defaults_list_json, SUDO_DEBUG_UTIL) + debug_decl(print_defaults_list_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) fprintf(fp, "%*s{\n", indent, ""); indent += 4; @@ -628,7 +628,7 @@ print_defaults_json(FILE *fp, int indent, bool need_comma) struct json_value value; struct defaults *def, *next; int type; - debug_decl(print_defaults_json, SUDO_DEBUG_UTIL) + debug_decl(print_defaults_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (TAILQ_EMPTY(&defaults)) debug_return_bool(need_comma); @@ -706,7 +706,7 @@ print_aliases_by_type_json(FILE *fp, int alias_type, const char *title, int indent, bool need_comma) { struct json_alias_closure closure; - debug_decl(print_aliases_by_type_json, SUDO_DEBUG_UTIL) + debug_decl(print_aliases_by_type_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) closure.fp = fp; closure.indent = indent; @@ -733,7 +733,7 @@ print_aliases_by_type_json(FILE *fp, int alias_type, const char *title, static bool print_aliases_json(FILE *fp, int indent, bool need_comma) { - debug_decl(print_aliases_json, SUDO_DEBUG_UTIL) + debug_decl(print_aliases_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) need_comma = print_aliases_by_type_json(fp, USERALIAS, "User_Aliases", indent, need_comma); @@ -776,7 +776,7 @@ print_cmndspec_json(FILE *fp, struct cmndspec *cs, struct cmndspec **nextp, struct json_value value; struct member *m; bool last_one; - debug_decl(print_cmndspec_json, SUDO_DEBUG_UTIL) + debug_decl(print_cmndspec_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* Open Cmnd_Spec object. */ fprintf(fp, "%*s{\n", indent, ""); @@ -934,7 +934,7 @@ print_userspec_json(FILE *fp, struct userspec *us, int indent) struct privilege *priv; struct member *m; struct cmndspec *cs, *next; - debug_decl(print_userspec_json, SUDO_DEBUG_UTIL) + debug_decl(print_userspec_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) /* * Each userspec struct may contain multiple privileges for @@ -988,7 +988,7 @@ static bool print_userspecs_json(FILE *fp, int indent, bool need_comma) { struct userspec *us; - debug_decl(print_userspecs_json, SUDO_DEBUG_UTIL) + debug_decl(print_userspecs_json, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (TAILQ_EMPTY(&userspecs)) debug_return_bool(need_comma); @@ -1015,7 +1015,7 @@ export_sudoers(const char *sudoers_path, const char *export_path, bool ok = false, need_comma = false; const int indent = 4; FILE *export_fp = stdout; - debug_decl(export_sudoers, SUDO_DEBUG_UTIL) + debug_decl(export_sudoers, SUDO_DEBUG_UTIL, sudoers_debug_instance) if (strcmp(sudoers_path, "-") == 0) { sudoersin = stdin; diff --git a/src/Makefile.in b/src/Makefile.in index fca113c66..f01a0a2cb 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -211,7 +211,8 @@ cleandir: realclean # Autogenerated dependencies, do not modify check_ttyname.o: $(srcdir)/regress/ttyname/check_ttyname.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_alloc.h \ - $(incdir)/sudo_compat.h $(incdir)/sudo_fatal.h \ + $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_queue.h \ $(incdir)/sudo_util.h $(top_builddir)/config.h $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/regress/ttyname/check_ttyname.c conversation.o: $(srcdir)/conversation.c $(incdir)/compat/stdbool.h \ diff --git a/src/exec.c b/src/exec.c index 68b07ed50..128c7f88f 100644 --- a/src/exec.c +++ b/src/exec.c @@ -93,7 +93,7 @@ static int fork_cmnd(struct command_details *details, int sv[2]) { struct command_status cstat; sigaction_t sa; - debug_decl(fork_cmnd, SUDO_DEBUG_EXEC) + debug_decl(fork_cmnd, SUDO_DEBUG_EXEC, sudo_debug_instance) ppgrp = getpgrp(); /* parent's process group */ @@ -165,7 +165,7 @@ void exec_cmnd(struct command_details *details, struct command_status *cstat, int errfd) { - debug_decl(exec_cmnd, SUDO_DEBUG_EXEC) + debug_decl(exec_cmnd, SUDO_DEBUG_EXEC, sudo_debug_instance) restore_signals(); if (exec_setup(details, NULL, -1) == true) { @@ -173,10 +173,15 @@ exec_cmnd(struct command_details *details, struct command_status *cstat, sudo_debug_execve(SUDO_DEBUG_INFO, details->command, details->argv, details->envp); if (details->closefrom >= 0) { - /* Preserve debug fd and error pipe as needed. */ - int debug_fd = sudo_debug_fd_get(); - if (debug_fd != -1) - add_preserved_fd(&details->preserved_fds, debug_fd); + int fd, maxfd; + fd_set *debug_fds; + + /* Preserve debug fds and error pipe as needed. */ + maxfd = sudo_debug_get_fds(&debug_fds); + for (fd = 0; fd <= maxfd; fd++) { + if (FD_ISSET(fd, debug_fds)) + add_preserved_fd(&details->preserved_fds, fd); + } if (errfd != -1) add_preserved_fd(&details->preserved_fds, errfd); @@ -206,7 +211,7 @@ backchannel_cb(int fd, int what, void *v) { struct exec_closure *ec = v; ssize_t n; - debug_decl(backchannel_cb, SUDO_DEBUG_EXEC) + debug_decl(backchannel_cb, SUDO_DEBUG_EXEC, sudo_debug_instance) /* read child status */ n = recv(fd, ec->cstat, sizeof(struct command_status), MSG_WAITALL); @@ -298,7 +303,7 @@ static struct sudo_event_base * exec_event_setup(int backchannel, struct exec_closure *ec) { struct sudo_event_base *evbase; - debug_decl(exec_event_setup, SUDO_DEBUG_EXEC) + debug_decl(exec_event_setup, SUDO_DEBUG_EXEC, sudo_debug_instance) evbase = sudo_ev_base_alloc(); if (evbase == NULL) @@ -349,7 +354,7 @@ sudo_execute(struct command_details *details, struct command_status *cstat) sigaction_t sa; pid_t child; int sv[2]; - debug_decl(sudo_execute, SUDO_DEBUG_EXEC) + debug_decl(sudo_execute, SUDO_DEBUG_EXEC, sudo_debug_instance) dispatch_pending_signals(cstat); @@ -537,7 +542,7 @@ dispatch_signal(struct sudo_event_base *evbase, pid_t child, int signo, char *signame, struct command_status *cstat) { int rc = 1; - debug_decl(dispatch_signal, SUDO_DEBUG_EXEC) + debug_decl(dispatch_signal, SUDO_DEBUG_EXEC, sudo_debug_instance) sudo_debug_printf(SUDO_DEBUG_INFO, "%s: evbase %p, child: %d, signo %s(%d), cstat %p", @@ -648,7 +653,7 @@ dispatch_signal_pty(struct sudo_event_base *evbase, pid_t child, int signo, char *signame, struct command_status *cstat) { int rc = 1; - debug_decl(dispatch_signal_pty, SUDO_DEBUG_EXEC) + debug_decl(dispatch_signal_pty, SUDO_DEBUG_EXEC, sudo_debug_instance) sudo_debug_printf(SUDO_DEBUG_INFO, "%s: evbase %p, child: %d, signo %s(%d), cstat %p", @@ -707,7 +712,7 @@ signal_pipe_cb(int fd, int what, void *v) unsigned char signo; ssize_t nread; int rc = 0; - debug_decl(signal_pipe_cb, SUDO_DEBUG_EXEC) + debug_decl(signal_pipe_cb, SUDO_DEBUG_EXEC, sudo_debug_instance) do { /* read signal pipe */ @@ -755,7 +760,7 @@ dispatch_pending_signals(struct command_status *cstat) struct sigaction sa; unsigned char signo = 0; int rval = 0; - debug_decl(dispatch_pending_signals, SUDO_DEBUG_EXEC) + debug_decl(dispatch_pending_signals, SUDO_DEBUG_EXEC, sudo_debug_instance) for (;;) { nread = read(signal_pipe[0], &signo, sizeof(signo)); @@ -810,7 +815,7 @@ forward_signals(int sock, int what, void *v) struct sigforward *sigfwd; struct command_status cstat; ssize_t nsent; - debug_decl(forward_signals, SUDO_DEBUG_EXEC) + debug_decl(forward_signals, SUDO_DEBUG_EXEC, sudo_debug_instance) while (!TAILQ_EMPTY(&sigfwd_list)) { sigfwd = TAILQ_FIRST(&sigfwd_list); @@ -854,7 +859,7 @@ schedule_signal(struct sudo_event_base *evbase, int signo) { struct sigforward *sigfwd; char signame[SIG2STR_MAX]; - debug_decl(schedule_signal, SUDO_DEBUG_EXEC) + debug_decl(schedule_signal, SUDO_DEBUG_EXEC, sudo_debug_instance) if (signo == SIGCONT_FG) strlcpy(signame, "CONT_FG", sizeof(signame)); @@ -974,7 +979,7 @@ int pipe_nonblock(int fds[2]) { int flags, rval; - debug_decl(pipe_nonblock, SUDO_DEBUG_EXEC) + debug_decl(pipe_nonblock, SUDO_DEBUG_EXEC, sudo_debug_instance) rval = pipe(fds); if (rval != -1) { diff --git a/src/exec_common.c b/src/exec_common.c index 914fc7023..7b0ffce97 100644 --- a/src/exec_common.c +++ b/src/exec_common.c @@ -61,7 +61,7 @@ disable_execute(char *const envp[]) bool enabled = false; # endif #endif /* _PATH_SUDO_NOEXEC */ - debug_decl(disable_execute, SUDO_DEBUG_UTIL) + debug_decl(disable_execute, SUDO_DEBUG_UTIL, sudo_debug_instance) #ifdef HAVE_PRIV_SET /* Solaris privileges, remove PRIV_PROC_EXEC post-execve. */ diff --git a/src/exec_pty.c b/src/exec_pty.c index 04cec8660..27ab3cc2a 100644 --- a/src/exec_pty.c +++ b/src/exec_pty.c @@ -119,7 +119,7 @@ static void check_foreground(void); static void pty_cleanup(void) { - debug_decl(cleanup, SUDO_DEBUG_EXEC); + debug_decl(cleanup, SUDO_DEBUG_EXEC, sudo_debug_instance); if (!TAILQ_EMPTY(&io_plugins) && io_fds[SFD_USERTTY] != -1) sudo_term_restore(io_fds[SFD_USERTTY], 0); @@ -191,7 +191,7 @@ mon_handler(int s) void pty_setup(uid_t uid, const char *tty, const char *utmp_user) { - debug_decl(pty_setup, SUDO_DEBUG_EXEC); + debug_decl(pty_setup, SUDO_DEBUG_EXEC, sudo_debug_instance); io_fds[SFD_USERTTY] = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0); if (io_fds[SFD_USERTTY] != -1) { @@ -213,7 +213,7 @@ log_ttyin(const char *buf, unsigned int n, struct io_buffer *iob) struct plugin_container *plugin; sigset_t omask; bool rval = true; - debug_decl(log_ttyin, SUDO_DEBUG_EXEC); + debug_decl(log_ttyin, SUDO_DEBUG_EXEC, sudo_debug_instance); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { @@ -241,7 +241,7 @@ log_stdin(const char *buf, unsigned int n, struct io_buffer *iob) struct plugin_container *plugin; sigset_t omask; bool rval = true; - debug_decl(log_stdin, SUDO_DEBUG_EXEC); + debug_decl(log_stdin, SUDO_DEBUG_EXEC, sudo_debug_instance); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { @@ -269,7 +269,7 @@ log_ttyout(const char *buf, unsigned int n, struct io_buffer *iob) struct plugin_container *plugin; sigset_t omask; bool rval = true; - debug_decl(log_ttyout, SUDO_DEBUG_EXEC); + debug_decl(log_ttyout, SUDO_DEBUG_EXEC, sudo_debug_instance); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { @@ -309,7 +309,7 @@ log_stdout(const char *buf, unsigned int n, struct io_buffer *iob) struct plugin_container *plugin; sigset_t omask; bool rval = true; - debug_decl(log_stdout, SUDO_DEBUG_EXEC); + debug_decl(log_stdout, SUDO_DEBUG_EXEC, sudo_debug_instance); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { @@ -349,7 +349,7 @@ log_stderr(const char *buf, unsigned int n, struct io_buffer *iob) struct plugin_container *plugin; sigset_t omask; bool rval = true; - debug_decl(log_stderr, SUDO_DEBUG_EXEC); + debug_decl(log_stderr, SUDO_DEBUG_EXEC, sudo_debug_instance); sigprocmask(SIG_BLOCK, &ttyblock, &omask); TAILQ_FOREACH(plugin, &io_plugins, entries) { @@ -390,7 +390,7 @@ log_stderr(const char *buf, unsigned int n, struct io_buffer *iob) static void check_foreground(void) { - debug_decl(check_foreground, SUDO_DEBUG_EXEC); + debug_decl(check_foreground, SUDO_DEBUG_EXEC, sudo_debug_instance); if (io_fds[SFD_USERTTY] != -1) { foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp; @@ -416,7 +416,7 @@ suspend_parent(int signo) char signame[SIG2STR_MAX]; sigaction_t sa, osa; int n, rval = 0; - debug_decl(suspend_parent, SUDO_DEBUG_EXEC); + debug_decl(suspend_parent, SUDO_DEBUG_EXEC, sudo_debug_instance); switch (signo) { case SIGTTOU: @@ -506,7 +506,7 @@ suspend_parent(int signo) void terminate_command(pid_t pid, bool use_pgrp) { - debug_decl(terminate_command, SUDO_DEBUG_EXEC); + debug_decl(terminate_command, SUDO_DEBUG_EXEC, sudo_debug_instance); /* * Note that SIGCHLD will interrupt the sleep() @@ -541,7 +541,7 @@ io_callback(int fd, int what, void *v) struct io_buffer *iob = v; struct sudo_event_base *evbase; int n; - debug_decl(io_callback, SUDO_DEBUG_EXEC); + debug_decl(io_callback, SUDO_DEBUG_EXEC, sudo_debug_instance); if (ISSET(what, SUDO_EV_READ)) { evbase = sudo_ev_get_base(iob->revent); @@ -664,7 +664,7 @@ io_buf_new(int rfd, int wfd, bool (*action)(const char *, unsigned int, struct i { int n; struct io_buffer *iob; - debug_decl(io_buf_new, SUDO_DEBUG_EXEC); + debug_decl(io_buf_new, SUDO_DEBUG_EXEC, sudo_debug_instance); /* Set non-blocking mode. */ n = fcntl(rfd, F_GETFL, 0); @@ -702,7 +702,7 @@ fork_pty(struct command_details *details, int sv[], sigset_t *omask) sigaction_t sa; sigset_t mask; pid_t child; - debug_decl(fork_pty, SUDO_DEBUG_EXEC); + debug_decl(fork_pty, SUDO_DEBUG_EXEC, sudo_debug_instance); ppgrp = getpgrp(); /* parent's pgrp, so child can signal us */ @@ -877,7 +877,7 @@ pty_close(struct command_status *cstat) { struct io_buffer *iob; int n; - debug_decl(pty_close, SUDO_DEBUG_EXEC); + debug_decl(pty_close, SUDO_DEBUG_EXEC, sudo_debug_instance); /* Flush any remaining output (the plugin already got it) */ if (io_fds[SFD_USERTTY] != -1) { @@ -926,7 +926,7 @@ void add_io_events(struct sudo_event_base *evbase) { struct io_buffer *iob; - debug_decl(add_io_events, SUDO_DEBUG_EXEC); + debug_decl(add_io_events, SUDO_DEBUG_EXEC, sudo_debug_instance); /* * Schedule all readers as long as the buffer is not full. @@ -968,7 +968,7 @@ del_io_events(void) { struct io_buffer *iob; struct sudo_event_base *evbase; - debug_decl(del_io_events, SUDO_DEBUG_EXEC); + debug_decl(del_io_events, SUDO_DEBUG_EXEC, sudo_debug_instance); /* Remove iobufs from existing event base. */ SLIST_FOREACH(iob, &iobufs, entries) { @@ -1032,7 +1032,7 @@ deliver_signal(pid_t pid, int signo, bool from_parent) { char signame[SIG2STR_MAX]; int status; - debug_decl(deliver_signal, SUDO_DEBUG_EXEC); + debug_decl(deliver_signal, SUDO_DEBUG_EXEC, sudo_debug_instance); if (signo == SIGCONT_FG) strlcpy(signame, "CONT_FG", sizeof(signame)); @@ -1081,7 +1081,7 @@ static int send_status(int fd, struct command_status *cstat) { int n = -1; - debug_decl(send_status, SUDO_DEBUG_EXEC); + debug_decl(send_status, SUDO_DEBUG_EXEC, sudo_debug_instance); if (cstat->type != CMD_INVALID) { sudo_debug_printf(SUDO_DEBUG_INFO, @@ -1111,7 +1111,7 @@ handle_sigchld(int backchannel, struct command_status *cstat) bool alive = true; int status; pid_t pid; - debug_decl(handle_sigchld, SUDO_DEBUG_EXEC); + debug_decl(handle_sigchld, SUDO_DEBUG_EXEC, sudo_debug_instance); /* read command status */ do { @@ -1168,7 +1168,7 @@ mon_signal_pipe_cb(int fd, int what, void *v) struct monitor_closure *mc = v; unsigned char signo; ssize_t nread; - debug_decl(mon_signal_pipe_cb, SUDO_DEBUG_EXEC); + debug_decl(mon_signal_pipe_cb, SUDO_DEBUG_EXEC, sudo_debug_instance); nread = read(fd, &signo, sizeof(signo)); if (nread <= 0) { @@ -1203,7 +1203,7 @@ mon_errpipe_cb(int fd, int what, void *v) { struct monitor_closure *mc = v; ssize_t n; - debug_decl(mon_errpipe_cb, SUDO_DEBUG_EXEC); + debug_decl(mon_errpipe_cb, SUDO_DEBUG_EXEC, sudo_debug_instance); /* read errno or EOF from command pipe */ n = read(fd, mc->cstat, sizeof(struct command_status)); @@ -1226,7 +1226,7 @@ mon_backchannel_cb(int fd, int what, void *v) struct monitor_closure *mc = v; struct command_status cstmp; ssize_t n; - debug_decl(mon_backchannel_cb, SUDO_DEBUG_EXEC); + debug_decl(mon_backchannel_cb, SUDO_DEBUG_EXEC, sudo_debug_instance); /* read command from backchannel, should be a signal */ n = recv(fd, &cstmp, sizeof(cstmp), MSG_WAITALL); @@ -1264,7 +1264,7 @@ exec_monitor(struct command_details *details, int backchannel) struct monitor_closure mc; sigaction_t sa; int errpipe[2], n; - debug_decl(exec_monitor, SUDO_DEBUG_EXEC); + debug_decl(exec_monitor, SUDO_DEBUG_EXEC, sudo_debug_instance); /* Close unused fds. */ if (io_fds[SFD_MASTER] != -1) @@ -1481,7 +1481,7 @@ exec_pty(struct command_details *details, struct command_status *cstat, int errfd) { pid_t self = getpid(); - debug_decl(exec_pty, SUDO_DEBUG_EXEC); + debug_decl(exec_pty, SUDO_DEBUG_EXEC, sudo_debug_instance); /* Register cleanup function */ sudo_fatal_callback_register(pty_cleanup); @@ -1526,7 +1526,7 @@ sync_ttysize(int src, int dst) #ifdef TIOCGWINSZ struct winsize wsize; pid_t pgrp; - debug_decl(sync_ttysize, SUDO_DEBUG_EXEC); + debug_decl(sync_ttysize, SUDO_DEBUG_EXEC, sudo_debug_instance); if (ioctl(src, TIOCGWINSZ, &wsize) == 0) { ioctl(dst, TIOCSWINSZ, &wsize); @@ -1558,7 +1558,7 @@ static void ev_free_by_fd(struct sudo_event_base *evbase, int fd) { struct io_buffer *iob; - debug_decl(ev_free_by_fd, SUDO_DEBUG_EXEC); + debug_decl(ev_free_by_fd, SUDO_DEBUG_EXEC, sudo_debug_instance); /* Deschedule any users of the fd and free up the events. */ SLIST_FOREACH(iob, &iobufs, entries) { @@ -1593,7 +1593,7 @@ ev_free_by_fd(struct sudo_event_base *evbase, int fd) static int safe_close(int fd) { - debug_decl(safe_close, SUDO_DEBUG_EXEC); + debug_decl(safe_close, SUDO_DEBUG_EXEC, sudo_debug_instance); /* Avoid closing /dev/tty or std{in,out,err}. */ if (fd < 3 || fd == io_fds[SFD_USERTTY]) { diff --git a/src/get_pty.c b/src/get_pty.c index e6a6b1698..e11ffdefc 100644 --- a/src/get_pty.c +++ b/src/get_pty.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2012 Todd C. Miller + * Copyright (c) 2009-2012, 2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -63,7 +63,7 @@ get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) struct group *gr; gid_t ttygid = -1; int rval = 0; - debug_decl(get_pty, SUDO_DEBUG_PTY) + debug_decl(get_pty, SUDO_DEBUG_PTY, sudo_debug_instance) if ((gr = getgrnam("tty")) != NULL) ttygid = gr->gr_gid; @@ -82,7 +82,7 @@ get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { char *line; int rval = 0; - debug_decl(get_pty, SUDO_DEBUG_PTY) + debug_decl(get_pty, SUDO_DEBUG_PTY, sudo_debug_instance) /* IRIX-style dynamic ptys (may fork) */ line = _getpty(master, O_RDWR, S_IRUSR|S_IWUSR|S_IWGRP, 0); @@ -120,7 +120,7 @@ get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) { char *line; int rval = 0; - debug_decl(get_pty, SUDO_DEBUG_PTY) + debug_decl(get_pty, SUDO_DEBUG_PTY, sudo_debug_instance) *master = posix_openpt(O_RDWR|O_NOCTTY); if (*master != -1) { @@ -162,7 +162,7 @@ get_pty(int *master, int *slave, char *name, size_t namesz, uid_t ttyuid) struct group *gr; gid_t ttygid = -1; int rval = 0; - debug_decl(get_pty, SUDO_DEBUG_PTY) + debug_decl(get_pty, SUDO_DEBUG_PTY, sudo_debug_instance) if ((gr = getgrnam("tty")) != NULL) ttygid = gr->gr_gid; diff --git a/src/hooks.c b/src/hooks.c index 3e29f3b60..7f4932568 100644 --- a/src/hooks.c +++ b/src/hooks.c @@ -173,7 +173,7 @@ register_hook_internal(struct sudo_hook_list *head, int (*hook_fn)(), void *closure) { struct sudo_hook_entry *hook; - debug_decl(register_hook_internal, SUDO_DEBUG_HOOKS) + debug_decl(register_hook_internal, SUDO_DEBUG_HOOKS, sudo_debug_instance) hook = sudo_ecalloc(1, sizeof(*hook)); hook->u.generic_fn = hook_fn; @@ -188,7 +188,7 @@ int register_hook(struct sudo_hook *hook) { int rval = 0; - debug_decl(register_hook, SUDO_DEBUG_HOOKS) + debug_decl(register_hook, SUDO_DEBUG_HOOKS, sudo_debug_instance) if (SUDO_HOOK_VERSION_GET_MAJOR(hook->hook_version) != SUDO_HOOK_VERSION_MAJOR) { /* Major versions must match. */ @@ -227,7 +227,7 @@ deregister_hook_internal(struct sudo_hook_list *head, int (*hook_fn)(), void *closure) { struct sudo_hook_entry *hook, *prev = NULL; - debug_decl(deregister_hook_internal, SUDO_DEBUG_HOOKS) + debug_decl(deregister_hook_internal, SUDO_DEBUG_HOOKS, sudo_debug_instance) SLIST_FOREACH(hook, head, entries) { if (hook->u.generic_fn == hook_fn && hook->closure == closure) { @@ -250,7 +250,7 @@ int deregister_hook(struct sudo_hook *hook) { int rval = 0; - debug_decl(deregister_hook, SUDO_DEBUG_HOOKS) + debug_decl(deregister_hook, SUDO_DEBUG_HOOKS, sudo_debug_instance) if (SUDO_HOOK_VERSION_GET_MAJOR(hook->hook_version) != SUDO_HOOK_VERSION_MAJOR) { /* Major versions must match. */ diff --git a/src/load_plugins.c b/src/load_plugins.c index a0441e812..466b23c4f 100644 --- a/src/load_plugins.c +++ b/src/load_plugins.c @@ -52,7 +52,7 @@ sudo_stat_plugin(struct plugin_info *info, char *fullpath, size_t pathsize, struct stat *sb) { int status = -1; - debug_decl(sudo_stat_plugin, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_stat_plugin, SUDO_DEBUG_PLUGIN, sudo_debug_instance) if (info->path[0] == '/') { if (strlcpy(fullpath, info->path, pathsize) >= pathsize) { @@ -136,7 +136,7 @@ sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize) { struct stat sb; int rval = false; - debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN, sudo_debug_instance) if (sudo_stat_plugin(info, fullpath, pathsize, &sb) != 0) { sudo_warnx(U_("error in %s, line %d while loading plugin `%s'"), @@ -165,7 +165,7 @@ done: static bool sudo_check_plugin(struct plugin_info *info, char *fullpath, size_t pathsize) { - debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_check_plugin, SUDO_DEBUG_PLUGIN, sudo_debug_instance) (void)strlcpy(fullpath, info->path, pathsize); debug_return_bool(true); } @@ -183,7 +183,7 @@ sudo_load_plugin(struct plugin_container *policy_plugin, char path[PATH_MAX]; bool rval = false; void *handle; - debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_load_plugin, SUDO_DEBUG_PLUGIN, sudo_debug_instance) /* Sanity check plugin and fill in path */ if (!sudo_check_plugin(info, path, sizeof(path))) @@ -284,7 +284,7 @@ sudo_load_plugins(struct plugin_container *policy_plugin, struct plugin_info_list *plugins; struct plugin_info *info; bool rval = false; - debug_decl(sudo_load_plugins, SUDO_DEBUG_PLUGIN) + debug_decl(sudo_load_plugins, SUDO_DEBUG_PLUGIN, sudo_debug_instance) /* Walk the plugin list from sudo.conf, if any. */ plugins = sudo_conf_plugins(); diff --git a/src/net_ifs.c b/src/net_ifs.c index 3c941c6ca..bfd8f32d2 100644 --- a/src/net_ifs.c +++ b/src/net_ifs.c @@ -124,7 +124,7 @@ get_net_ifs(char **addrinfo) #endif int ailen, len, num_interfaces = 0; char *cp; - debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF, SUDO_DEBUG_INSTANCE_DEFAULT) /* XXX */ if (!sudo_conf_probe_interfaces() || getifaddrs(&ifaddrs) != 0) debug_return_int(0); @@ -224,7 +224,7 @@ get_net_ifs(char **addrinfo) #ifdef _ISC struct strioctl strioctl; #endif /* _ISC */ - debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF, sudo_debug_instance) if (!sudo_conf_probe_interfaces()) debug_return_int(0); @@ -345,7 +345,7 @@ done: int get_net_ifs(char **addrinfo) { - debug_decl(get_net_ifs, SUDO_DEBUG_NETIF) + debug_decl(get_net_ifs, SUDO_DEBUG_NETIF, sudo_debug_instance) debug_return_int(0); } diff --git a/src/parse_args.c b/src/parse_args.c index 9aaceed67..862067e49 100644 --- a/src/parse_args.c +++ b/src/parse_args.c @@ -178,7 +178,7 @@ parse_args(int argc, char **argv, int *nargc, char ***nargv, int proglen; int nenv = 0; int env_size = 32; - debug_decl(parse_args, SUDO_DEBUG_ARGS) + debug_decl(parse_args, SUDO_DEBUG_ARGS, sudo_debug_instance) env_add = sudo_emallocarray(env_size, sizeof(char *)); @@ -565,7 +565,7 @@ usage(int fatal) static void usage_excl(int fatal) { - debug_decl(usage_excl, SUDO_DEBUG_ARGS) + debug_decl(usage_excl, SUDO_DEBUG_ARGS, sudo_debug_instance) sudo_warnx(U_("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified")); usage(fatal); @@ -577,7 +577,7 @@ help(void) struct sudo_lbuf lbuf; const int indent = 30; const char *pname = getprogname(); - debug_decl(help, SUDO_DEBUG_ARGS) + debug_decl(help, SUDO_DEBUG_ARGS, sudo_debug_instance) sudo_lbuf_init(&lbuf, usage_out, indent, NULL, user_details.ts_cols); if (strcmp(pname, "sudoedit") == 0) diff --git a/src/preserve_fds.c b/src/preserve_fds.c index 55f9cd5cc..981325131 100644 --- a/src/preserve_fds.c +++ b/src/preserve_fds.c @@ -57,7 +57,7 @@ int add_preserved_fd(struct preserved_fd_list *pfds, int fd) { struct preserved_fd *pfd, *pfd_new; - debug_decl(add_preserved_fd, SUDO_DEBUG_UTIL) + debug_decl(add_preserved_fd, SUDO_DEBUG_UTIL, sudo_debug_instance) pfd_new = sudo_emalloc(sizeof(*pfd)); pfd_new->lowfd = fd; @@ -99,12 +99,10 @@ add_preserved_fd(struct preserved_fd_list *pfds, int fd) void closefrom_except(int startfd, struct preserved_fd_list *pfds) { - int debug_fd, fd, lastfd = -1; + int fd, lastfd = -1; struct preserved_fd *pfd, *pfd_next; fd_set *fdsp; - debug_decl(closefrom_except, SUDO_DEBUG_UTIL) - - debug_fd = sudo_debug_fd_get(); + debug_decl(closefrom_except, SUDO_DEBUG_UTIL, sudo_debug_instance) /* First, relocate preserved fds to be as contiguous as possible. */ TAILQ_FOREACH_REVERSE_SAFE(pfd, pfds, preserved_fd_list, entries, pfd_next) { @@ -120,12 +118,11 @@ closefrom_except(int startfd, struct preserved_fd_list *pfds) } /* NOTE: still need to adjust lastfd below with unchanged lowfd. */ } else if (fd < pfd->highfd) { - pfd->lowfd = fd; - fd = pfd->highfd; - if (fd == debug_fd) - debug_fd = sudo_debug_fd_set(pfd->lowfd); sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "dup %d -> %d", pfd->highfd, pfd->lowfd); + sudo_debug_update_fd(pfd->highfd, pfd->lowfd); + pfd->lowfd = fd; + fd = pfd->highfd; } if (fd != -1) (void) close(fd); @@ -191,8 +188,7 @@ closefrom_except(int startfd, struct preserved_fd_list *pfds) sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, "fcntl(%d, F_SETFD, %d)", pfd->highfd, pfd->flags); } - if (pfd->lowfd == debug_fd) - debug_fd = sudo_debug_fd_set(pfd->highfd); + sudo_debug_update_fd(pfd->lowfd, pfd->highfd); (void) close(pfd->lowfd); pfd->lowfd = pfd->highfd; } @@ -209,7 +205,7 @@ parse_preserved_fds(struct preserved_fd_list *pfds, const char *fdstr) const char *cp = fdstr; long lval; char *ep; - debug_decl(parse_preserved_fds, SUDO_DEBUG_UTIL) + debug_decl(parse_preserved_fds, SUDO_DEBUG_UTIL, sudo_debug_instance) do { errno = 0; diff --git a/src/regress/ttyname/check_ttyname.c b/src/regress/ttyname/check_ttyname.c index b8b9dc148..62f062ffb 100644 --- a/src/regress/ttyname/check_ttyname.c +++ b/src/regress/ttyname/check_ttyname.c @@ -38,6 +38,7 @@ #include #include +#include "sudo_debug.h" #include "sudo_compat.h" #include "sudo_alloc.h" #include "sudo_fatal.h" @@ -45,6 +46,7 @@ __dso_public int main(int argc, char *argv[]); +int sudo_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; extern char *get_process_ttyname(void); int diff --git a/src/selinux.c b/src/selinux.c index 9e0983bc1..bd3dab406 100644 --- a/src/selinux.c +++ b/src/selinux.c @@ -67,7 +67,7 @@ audit_role_change(const security_context_t old_context, { int au_fd, rc = -1; char *message; - debug_decl(audit_role_change, SUDO_DEBUG_SELINUX) + debug_decl(audit_role_change, SUDO_DEBUG_SELINUX, sudo_debug_instance) au_fd = audit_open(); if (au_fd == -1) { @@ -103,7 +103,7 @@ selinux_restore_tty(void) { int retval = 0; security_context_t chk_tty_context = NULL; - debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX) + debug_decl(selinux_restore_tty, SUDO_DEBUG_SELINUX, sudo_debug_instance) if (se_state.ttyfd == -1 || se_state.new_tty_context == NULL) goto skip_relabel; @@ -148,7 +148,7 @@ relabel_tty(const char *ttyn, int ptyfd) security_context_t tty_con = NULL; security_context_t new_tty_con = NULL; int fd; - debug_decl(relabel_tty, SUDO_DEBUG_SELINUX) + debug_decl(relabel_tty, SUDO_DEBUG_SELINUX, sudo_debug_instance) se_state.ttyfd = ptyfd; @@ -245,7 +245,7 @@ get_exec_context(security_context_t old_context, const char *role, const char *t security_context_t new_context = NULL; context_t context = NULL; char *typebuf = NULL; - debug_decl(get_exec_context, SUDO_DEBUG_SELINUX) + debug_decl(get_exec_context, SUDO_DEBUG_SELINUX, sudo_debug_instance) /* We must have a role, the type is optional (we can use the default). */ if (!role) { @@ -317,7 +317,7 @@ selinux_setup(const char *role, const char *type, const char *ttyn, int ptyfd) { int rval = -1; - debug_decl(selinux_setup, SUDO_DEBUG_SELINUX) + debug_decl(selinux_setup, SUDO_DEBUG_SELINUX, sudo_debug_instance) /* Store the caller's SID in old_context. */ if (getprevcon(&se_state.old_context)) { @@ -373,7 +373,7 @@ selinux_execve(const char *path, char *const argv[], char *const envp[], char **nargv; const char *sesh; int argc, serrno; - debug_decl(selinux_execve, SUDO_DEBUG_SELINUX) + debug_decl(selinux_execve, SUDO_DEBUG_SELINUX, sudo_debug_instance) sesh = sudo_conf_sesh_path(); if (sesh == NULL) { diff --git a/src/sesh.c b/src/sesh.c index df0b75553..dbc6afcc7 100644 --- a/src/sesh.c +++ b/src/sesh.c @@ -66,7 +66,7 @@ int main(int argc, char *argv[], char *envp[]) { int ret; - debug_decl(main, SUDO_DEBUG_MAIN) + debug_decl(main, SUDO_DEBUG_MAIN, sudo_debug_instance, SUDO_DEBUG_INSTANCE_DEFAULT) initprogname(argc > 0 ? argv[0] : "sesh"); diff --git a/src/signal.c b/src/signal.c index aa56a7e50..409159d3c 100644 --- a/src/signal.c +++ b/src/signal.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009-2013 Todd C. Miller + * Copyright (c) 2009-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -70,7 +70,7 @@ void save_signals(void) { struct signal_state *ss; - debug_decl(save_signals, SUDO_DEBUG_MAIN) + debug_decl(save_signals, SUDO_DEBUG_MAIN, sudo_debug_instance) for (ss = saved_signals; ss->signo != -1; ss++) { if (sigaction(ss->signo, NULL, &ss->sa) != 0) @@ -87,7 +87,7 @@ void restore_signals(void) { struct signal_state *ss; - debug_decl(restore_signals, SUDO_DEBUG_MAIN) + debug_decl(restore_signals, SUDO_DEBUG_MAIN, sudo_debug_instance) for (ss = saved_signals; ss->signo != -1; ss++) { if (ss->restore) { @@ -127,7 +127,7 @@ init_signals(void) { struct sigaction sa; struct signal_state *ss; - debug_decl(init_signals, SUDO_DEBUG_MAIN) + debug_decl(init_signals, SUDO_DEBUG_MAIN, sudo_debug_instance) /* * We use a pipe to atomically handle signal notification within @@ -172,7 +172,7 @@ sudo_sigaction(int signo, struct sigaction *sa, struct sigaction *osa) { struct signal_state *ss; int rval; - debug_decl(sudo_sigaction, SUDO_DEBUG_MAIN) + debug_decl(sudo_sigaction, SUDO_DEBUG_MAIN, sudo_debug_instance) for (ss = saved_signals; ss->signo > 0; ss++) { if (ss->signo == signo) { diff --git a/src/solaris.c b/src/solaris.c index f5f288acf..4627993ef 100644 --- a/src/solaris.c +++ b/src/solaris.c @@ -71,7 +71,7 @@ set_project(struct passwd *pw) struct project proj; char buf[PROJECT_BUFSZ]; int errval; - debug_decl(set_project, SUDO_DEBUG_UTIL) + debug_decl(set_project, SUDO_DEBUG_UTIL, sudo_debug_instance) /* * Collect the default project for the user and settaskid diff --git a/src/sudo.c b/src/sudo.c index 37c4a3d30..d0ce23345 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -95,6 +95,7 @@ struct plugin_container policy_plugin; struct plugin_container_list io_plugins = TAILQ_HEAD_INITIALIZER(io_plugins); struct user_details user_details; const char *list_user; /* extern for parse_args.c */ +int sudo_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; static struct command_details command_details; static int sudo_mode; @@ -151,7 +152,7 @@ main(int argc, char *argv[], char *envp[]) struct sudo_settings *settings; struct plugin_container *plugin, *next; sigset_t mask; - debug_decl(main, SUDO_DEBUG_MAIN) + debug_decl(main, SUDO_DEBUG_MAIN, sudo_debug_instance) os_init(argc, argv, envp); @@ -186,6 +187,9 @@ main(int argc, char *argv[], char *envp[]) /* Read sudo.conf. */ sudo_conf_read(NULL); + /* Set debug instance to use with sudo front end (if configured). */ + sudo_debug_instance = sudo_debug_get_instance(getprogname()); + /* Fill in user_info with user name, uid, cwd, etc. */ memset(&user_details, 0, sizeof(user_details)); user_info = get_user_info(&user_details); @@ -320,7 +324,7 @@ static void fix_fds(void) { int miss[3], devnull = -1; - debug_decl(fix_fds, SUDO_DEBUG_UTIL) + debug_decl(fix_fds, SUDO_DEBUG_UTIL, sudo_debug_instance) /* * stdin, stdout and stderr must be open; set them to /dev/null @@ -352,7 +356,7 @@ static int fill_group_list(struct user_details *ud, int system_maxgroups) { int tries, rval = -1; - debug_decl(fill_group_list, SUDO_DEBUG_UTIL) + debug_decl(fill_group_list, SUDO_DEBUG_UTIL, sudo_debug_instance) /* * If user specified a max number of groups, use it, otherwise keep @@ -388,7 +392,7 @@ get_user_groups(struct user_details *ud) char *cp, *gid_list = NULL; size_t glsize; int i, len, maxgroups, group_source; - debug_decl(get_user_groups, SUDO_DEBUG_UTIL) + debug_decl(get_user_groups, SUDO_DEBUG_UTIL, sudo_debug_instance) #if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX) maxgroups = (int)sysconf(_SC_NGROUPS_MAX); @@ -445,7 +449,7 @@ get_user_info(struct user_details *ud) char *cp, **user_info, cwd[PATH_MAX], host[HOST_NAME_MAX + 1]; struct passwd *pw; int fd, i = 0; - debug_decl(get_user_info, SUDO_DEBUG_UTIL) + debug_decl(get_user_info, SUDO_DEBUG_UTIL, sudo_debug_instance) /* XXX - bound check number of entries */ user_info = sudo_emallocarray(32, sizeof(char *)); @@ -538,7 +542,7 @@ command_info_to_details(char * const info[], struct command_details *details) id_t id; char *cp; const char *errstr; - debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM) + debug_decl(command_info_to_details, SUDO_DEBUG_PCOMM, sudo_debug_instance) memset(details, 0, sizeof(*details)); details->closefrom = -1; @@ -742,7 +746,7 @@ sudo_check_suid(const char *sudo) char pathbuf[PATH_MAX]; struct stat sb; bool qualified; - debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM) + debug_decl(sudo_check_suid, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (geteuid() != 0) { /* Search for sudo binary in PATH if not fully qualified. */ @@ -801,7 +805,7 @@ disable_coredumps(void) { #if defined(RLIMIT_CORE) struct rlimit rl; - debug_decl(disable_coredumps, SUDO_DEBUG_UTIL) + debug_decl(disable_coredumps, SUDO_DEBUG_UTIL, sudo_debug_instance) /* * Turn off core dumps? @@ -826,7 +830,7 @@ unlimit_nproc(void) { #ifdef __linux__ struct rlimit rl; - debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL) + debug_decl(unlimit_nproc, SUDO_DEBUG_UTIL, sudo_debug_instance) (void) getrlimit(RLIMIT_NPROC, &nproclimit); rl.rlim_cur = rl.rlim_max = RLIM_INFINITY; @@ -846,7 +850,7 @@ static void restore_nproc(void) { #ifdef __linux__ - debug_decl(restore_nproc, SUDO_DEBUG_UTIL) + debug_decl(restore_nproc, SUDO_DEBUG_UTIL, sudo_debug_instance) (void) setrlimit(RLIMIT_NPROC, &nproclimit); @@ -862,7 +866,7 @@ bool exec_setup(struct command_details *details, const char *ptyname, int ptyfd) { bool rval = false; - debug_decl(exec_setup, SUDO_DEBUG_EXEC) + debug_decl(exec_setup, SUDO_DEBUG_EXEC, sudo_debug_instance) #ifdef HAVE_SELINUX if (ISSET(details->flags, CD_RBAC_ENABLED)) { @@ -1032,7 +1036,7 @@ run_command(struct command_details *details) struct plugin_container *plugin; struct command_status cstat; int exitcode = 1; - debug_decl(run_command, SUDO_DEBUG_EXEC) + debug_decl(run_command, SUDO_DEBUG_EXEC, sudo_debug_instance) cstat.type = CMD_INVALID; cstat.val = 0; @@ -1090,7 +1094,7 @@ format_plugin_settings(struct plugin_container *plugin, struct sudo_debug_file *debug_file; struct sudo_settings *setting; char **plugin_settings; - debug_decl(format_plugin_settings, SUDO_DEBUG_PCOMM) + debug_decl(format_plugin_settings, SUDO_DEBUG_PCOMM, sudo_debug_instance) /* XXX - should use exact plugin_settings_size */ /* Determine sudo_settings array size (including plugin_path and NULL) */ @@ -1131,7 +1135,7 @@ policy_open(struct plugin_container *plugin, struct sudo_settings *settings, { char **plugin_settings; int rval; - debug_decl(policy_open, SUDO_DEBUG_PCOMM) + debug_decl(policy_open, SUDO_DEBUG_PCOMM, sudo_debug_instance) /* Convert struct sudo_settings to plugin_settings[] */ plugin_settings = format_plugin_settings(plugin, settings); @@ -1160,7 +1164,7 @@ policy_open(struct plugin_container *plugin, struct sudo_settings *settings, static void policy_close(struct plugin_container *plugin, int exit_status, int error_code) { - debug_decl(policy_close, SUDO_DEBUG_PCOMM) + debug_decl(policy_close, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (plugin->u.policy->close != NULL) { plugin->u.policy->close(exit_status, error_code); } else if (error_code) { @@ -1173,7 +1177,7 @@ policy_close(struct plugin_container *plugin, int exit_status, int error_code) static int policy_show_version(struct plugin_container *plugin, int verbose) { - debug_decl(policy_show_version, SUDO_DEBUG_PCOMM) + debug_decl(policy_show_version, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (plugin->u.policy->show_version == NULL) debug_return_bool(true); debug_return_bool(plugin->u.policy->show_version(verbose)); @@ -1184,7 +1188,7 @@ policy_check(struct plugin_container *plugin, int argc, char * const argv[], char *env_add[], char **command_info[], char **argv_out[], char **user_env_out[]) { - debug_decl(policy_check, SUDO_DEBUG_PCOMM) + debug_decl(policy_check, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (plugin->u.policy->check_policy == NULL) { sudo_fatalx(U_("policy plugin %s is missing the `check_policy' method"), plugin->name); @@ -1197,7 +1201,7 @@ static int policy_list(struct plugin_container *plugin, int argc, char * const argv[], int verbose, const char *list_user) { - debug_decl(policy_list, SUDO_DEBUG_PCOMM) + debug_decl(policy_list, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (plugin->u.policy->list == NULL) { sudo_warnx(U_("policy plugin %s does not support listing privileges"), plugin->name); @@ -1209,7 +1213,7 @@ policy_list(struct plugin_container *plugin, int argc, char * const argv[], static int policy_validate(struct plugin_container *plugin) { - debug_decl(policy_validate, SUDO_DEBUG_PCOMM) + debug_decl(policy_validate, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (plugin->u.policy->validate == NULL) { sudo_warnx(U_("policy plugin %s does not support the -v option"), plugin->name); @@ -1221,7 +1225,7 @@ policy_validate(struct plugin_container *plugin) static void policy_invalidate(struct plugin_container *plugin, int remove) { - debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM) + debug_decl(policy_invalidate, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (plugin->u.policy->invalidate == NULL) { sudo_fatalx(U_("policy plugin %s does not support the -k/-K options"), plugin->name); @@ -1234,7 +1238,7 @@ int policy_init_session(struct command_details *details) { int rval = true; - debug_decl(policy_init_session, SUDO_DEBUG_PCOMM) + debug_decl(policy_init_session, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (policy_plugin.u.policy->init_session) { /* @@ -1260,7 +1264,7 @@ iolog_open(struct plugin_container *plugin, struct sudo_settings *settings, { char **plugin_settings; int rval; - debug_decl(iolog_open, SUDO_DEBUG_PCOMM) + debug_decl(iolog_open, SUDO_DEBUG_PCOMM, sudo_debug_instance) /* Convert struct sudo_settings to plugin_settings[] */ plugin_settings = format_plugin_settings(plugin, settings); @@ -1292,7 +1296,7 @@ iolog_open(struct plugin_container *plugin, struct sudo_settings *settings, static void iolog_close(struct plugin_container *plugin, int exit_status, int error_code) { - debug_decl(iolog_close, SUDO_DEBUG_PCOMM) + debug_decl(iolog_close, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (plugin->u.io->close != NULL) plugin->u.io->close(exit_status, error_code); debug_return; @@ -1301,7 +1305,7 @@ iolog_close(struct plugin_container *plugin, int exit_status, int error_code) static int iolog_show_version(struct plugin_container *plugin, int verbose) { - debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM) + debug_decl(iolog_show_version, SUDO_DEBUG_PCOMM, sudo_debug_instance) if (plugin->u.io->show_version == NULL) debug_return_bool(true); debug_return_bool(plugin->u.io->show_version(verbose)); @@ -1314,7 +1318,7 @@ iolog_show_version(struct plugin_container *plugin, int verbose) static void iolog_unlink(struct plugin_container *plugin) { - debug_decl(iolog_unlink, SUDO_DEBUG_PCOMM) + debug_decl(iolog_unlink, SUDO_DEBUG_PCOMM, sudo_debug_instance) /* Deregister hooks, if any. */ if (plugin->u.io->version >= SUDO_API_MKVERSION(1, 2)) { diff --git a/src/sudo.h b/src/sudo.h index f61e98305..d66294306 100644 --- a/src/sudo.h +++ b/src/sudo.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1993-1996, 1998-2005, 2007-2013 + * Copyright (c) 1993-1996, 1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -205,6 +205,7 @@ int run_command(struct command_details *details); int os_init_common(int argc, char *argv[], char *envp[]); extern const char *list_user; extern struct user_details user_details; +extern int sudo_debug_instance; /* sudo_edit.c */ int sudo_edit(struct command_details *details); diff --git a/src/sudo_edit.c b/src/sudo_edit.c index e1f709631..9afd1431f 100644 --- a/src/sudo_edit.c +++ b/src/sudo_edit.c @@ -79,7 +79,7 @@ set_tmpdir(void) const char *tdir; struct stat sb; size_t len; - debug_decl(set_tmpdir, SUDO_DEBUG_EDIT) + debug_decl(set_tmpdir, SUDO_DEBUG_EDIT, sudo_debug_instance) if (stat(_PATH_VARTMP, &sb) == 0 && S_ISDIR(sb.st_mode)) { tdir = _PATH_VARTMP; @@ -107,7 +107,7 @@ static void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups) { int serrno = errno; - debug_decl(switch_user, SUDO_DEBUG_EDIT) + debug_decl(switch_user, SUDO_DEBUG_EDIT, sudo_debug_instance) sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "set uid:gid to %u:%u(%u)", euid, egid, ngroups ? groups[0] : egid); @@ -142,7 +142,7 @@ sudo_edit_mktemp(const char *ofile, char **tfile) { const char *cp, *suff; int tfd; - debug_decl(sudo_edit_mktemp, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_mktemp, SUDO_DEBUG_EDIT, sudo_debug_instance) if ((cp = strrchr(ofile, '/')) != NULL) cp++; @@ -176,7 +176,7 @@ sudo_edit_create_tfiles(struct command_details *command_details, ssize_t nwritten, nread; struct timeval times[2]; struct stat sb; - debug_decl(sudo_edit_create_tfiles, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_create_tfiles, SUDO_DEBUG_EDIT, sudo_debug_instance) /* * For each file specified by the user, make a temporary version @@ -271,7 +271,7 @@ sudo_edit_copy_tfiles(struct command_details *command_details, ssize_t nwritten, nread; struct timeval tv; struct stat sb; - debug_decl(sudo_edit_copy_tfiles, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit_copy_tfiles, SUDO_DEBUG_EDIT, sudo_debug_instance) /* Copy contents of temp files to real ones. */ for (i = 0; i < nfiles; i++) { @@ -358,7 +358,7 @@ selinux_edit_create_tfiles(struct command_details *command_details, int i, rc, sesh_nargs; struct stat sb; struct command_details saved_command_details; - debug_decl(selinux_edit_create_tfiles, SUDO_DEBUG_EDIT); + debug_decl(selinux_edit_create_tfiles, SUDO_DEBUG_EDIT, sudo_debug_instance) /* Prepare selinux stuff (setexeccon) */ if (selinux_setup(command_details->selinux_role, @@ -449,7 +449,7 @@ selinux_edit_copy_tfiles(struct command_details *command_details, struct command_details saved_command_details; struct timeval tv; struct stat sb; - debug_decl(selinux_edit_copy_tfiles, SUDO_DEBUG_EDIT) + debug_decl(selinux_edit_copy_tfiles, SUDO_DEBUG_EDIT, sudo_debug_instance) /* Prepare selinux stuff (setexeccon) */ if (selinux_setup(command_details->selinux_role, @@ -539,7 +539,7 @@ sudo_edit(struct command_details *command_details) int editor_argc = 0, nfiles = 0; struct timeval times[2]; struct tempfile *tf = NULL; - debug_decl(sudo_edit, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit, SUDO_DEBUG_EDIT, sudo_debug_instance) if (!set_tmpdir()) goto cleanup; @@ -654,7 +654,7 @@ cleanup: int sudo_edit(struct command_details *command_details) { - debug_decl(sudo_edit, SUDO_DEBUG_EDIT) + debug_decl(sudo_edit, SUDO_DEBUG_EDIT, sudo_debug_instance) debug_return_int(1); } diff --git a/src/tgetpass.c b/src/tgetpass.c index d3b19333a..ba0ceef38 100644 --- a/src/tgetpass.c +++ b/src/tgetpass.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 1998-2005, 2007-2013 + * Copyright (c) 1996, 1998-2005, 2007-2014 * Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any @@ -73,7 +73,7 @@ tgetpass(const char *prompt, int timeout, int flags) static const char *askpass; static char buf[SUDO_CONV_REPL_MAX + 1]; int i, input, output, save_errno, neednl = 0, need_restart; - debug_decl(tgetpass, SUDO_DEBUG_CONV) + debug_decl(tgetpass, SUDO_DEBUG_CONV, sudo_debug_instance) (void) fflush(stdout); @@ -212,7 +212,7 @@ sudo_askpass(const char *askpass, const char *prompt) sigaction_t sa, saved_sa_pipe; int pfd[2]; pid_t pid; - debug_decl(sudo_askpass, SUDO_DEBUG_CONV) + debug_decl(sudo_askpass, SUDO_DEBUG_CONV, sudo_debug_instance) if (pipe(pfd) == -1) sudo_fatal(U_("unable to create pipe")); @@ -270,7 +270,7 @@ getln(int fd, char *buf, size_t bufsiz, int feedback) ssize_t nr = -1; char *cp = buf; char c = '\0'; - debug_decl(getln, SUDO_DEBUG_CONV) + debug_decl(getln, SUDO_DEBUG_CONV, sudo_debug_instance) if (left == 0) { errno = EINVAL; @@ -327,7 +327,7 @@ int tty_present(void) { int fd; - debug_decl(tty_present, SUDO_DEBUG_UTIL) + debug_decl(tty_present, SUDO_DEBUG_UTIL, sudo_debug_instance) if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) != -1) close(fd); diff --git a/src/ttyname.c b/src/ttyname.c index 565e83ec4..fc213d5bc 100644 --- a/src/ttyname.c +++ b/src/ttyname.c @@ -124,7 +124,7 @@ static char * sudo_ttyname_dev(dev_t tdev) { char *dev, *tty = NULL; - debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) + debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL, sudo_debug_instance) /* Some versions of devname() return NULL on failure, others do not. */ dev = devname(tdev, S_IFCHR); @@ -154,7 +154,7 @@ static char * sudo_ttyname_dev(dev_t tdev) { char buf[TTYNAME_MAX], *tty; - debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) + debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL, sudo_debug_instance) tty = _ttyname_dev(tdev, buf, sizeof(buf)); @@ -194,7 +194,7 @@ sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin) struct dirent *dp; struct stat sb; unsigned int i; - debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL) + debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL, sudo_debug_instance) if (dir[0] == '\0' || (d = opendir(dir)) == NULL) goto done; @@ -301,7 +301,7 @@ sudo_ttyname_dev(dev_t rdev) struct stat sb; size_t len; char buf[PATH_MAX], **sd, *devname, *tty = NULL; - debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL) + debug_decl(sudo_ttyname_dev, SUDO_DEBUG_UTIL, sudo_debug_instance) /* * First check search_devs for common tty devices. @@ -353,7 +353,7 @@ get_process_ttyname(void) struct sudo_kinfo_proc *ki_proc = NULL; size_t size = sizeof(*ki_proc); int mib[6], rc; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL, sudo_debug_instance) /* * Lookup controlling tty for this process via sysctl. @@ -399,7 +399,7 @@ get_process_ttyname(void) struct psinfo psinfo; ssize_t nread; int fd; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL, sudo_debug_instance) /* Try to determine the tty from pr_ttydev in /proc/pid/psinfo. */ snprintf(path, sizeof(path), "/proc/%u/psinfo", (unsigned int)getpid()); @@ -431,7 +431,7 @@ get_process_ttyname(void) size_t linesize = 0; ssize_t len; FILE *fp; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL, sudo_debug_instance) /* Try to determine the tty from tty_nr in /proc/pid/stat. */ snprintf(path, sizeof(path), "/proc/%u/stat", (unsigned int)getpid()); @@ -477,7 +477,7 @@ get_process_ttyname(void) struct pst_status pstat; char *tty = NULL; int rc; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL, sudo_debug_instance) /* * Determine the tty from psdev in struct pst_status. @@ -501,7 +501,7 @@ char * get_process_ttyname(void) { char *tty; - debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL) + debug_decl(get_process_ttyname, SUDO_DEBUG_UTIL, sudo_debug_instance) if ((tty = ttyname(STDIN_FILENO)) == NULL) { if ((tty = ttyname(STDOUT_FILENO)) == NULL) diff --git a/src/utmp.c b/src/utmp.c index 600b53e80..3fc00586e 100644 --- a/src/utmp.c +++ b/src/utmp.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2013 Todd C. Miller + * Copyright (c) 2011-2014 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -94,7 +94,7 @@ utmp_setid(sudo_utmp_t *old, sudo_utmp_t *new) { const char *line = new->ut_line; size_t idlen; - debug_decl(utmp_setid, SUDO_DEBUG_UTMP) + debug_decl(utmp_setid, SUDO_DEBUG_UTMP, sudo_debug_instance) /* Skip over "tty" in the id if old entry did too. */ if (old != NULL) { @@ -124,7 +124,7 @@ static void utmp_settime(sudo_utmp_t *ut) { struct timeval tv; - debug_decl(utmp_settime, SUDO_DEBUG_UTMP) + debug_decl(utmp_settime, SUDO_DEBUG_UTMP, sudo_debug_instance) gettimeofday(&tv, NULL); @@ -145,7 +145,7 @@ static void utmp_fill(const char *line, const char *user, sudo_utmp_t *ut_old, sudo_utmp_t *ut_new) { - debug_decl(utmp_file, SUDO_DEBUG_UTMP) + debug_decl(utmp_file, SUDO_DEBUG_UTMP, sudo_debug_instance) if (ut_old == NULL) { memset(ut_new, 0, sizeof(*ut_new)); @@ -187,7 +187,7 @@ utmp_login(const char *from_line, const char *to_line, int ttyfd, { sudo_utmp_t utbuf, *ut_old = NULL; bool rval = false; - debug_decl(utmp_login, SUDO_DEBUG_UTMP) + debug_decl(utmp_login, SUDO_DEBUG_UTMP, sudo_debug_instance) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(to_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -215,7 +215,7 @@ utmp_logout(const char *line, int status) { bool rval = false; sudo_utmp_t *ut, utbuf; - debug_decl(utmp_logout, SUDO_DEBUG_UTMP) + debug_decl(utmp_logout, SUDO_DEBUG_UTMP, sudo_debug_instance) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -252,7 +252,7 @@ utmp_slot(const char *line, int ttyfd) { int slot = 1; struct ttyent *tty; - debug_decl(utmp_slot, SUDO_DEBUG_UTMP) + debug_decl(utmp_slot, SUDO_DEBUG_UTMP, sudo_debug_instance) setttyent(); while ((tty = getttyent()) != NULL) { @@ -268,7 +268,7 @@ static int utmp_slot(const char *line, int ttyfd) { int sfd, slot; - debug_decl(utmp_slot, SUDO_DEBUG_UTMP) + debug_decl(utmp_slot, SUDO_DEBUG_UTMP, sudo_debug_instance) /* * Temporarily point stdin to the tty since ttyslot() @@ -295,7 +295,7 @@ utmp_login(const char *from_line, const char *to_line, int ttyfd, bool rval = false; int slot; FILE *fp; - debug_decl(utmp_login, SUDO_DEBUG_UTMP) + debug_decl(utmp_login, SUDO_DEBUG_UTMP, sudo_debug_instance) /* Strip off /dev/ prefix from line as needed. */ if (strncmp(to_line, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) @@ -347,7 +347,7 @@ utmp_logout(const char *line, int status) sudo_utmp_t utbuf; bool rval = false; FILE *fp; - debug_decl(utmp_logout, SUDO_DEBUG_UTMP) + debug_decl(utmp_logout, SUDO_DEBUG_UTMP, sudo_debug_instance) if ((fp = fopen(_PATH_UTMP, "r+")) == NULL) debug_return_int(rval);