From: Todd C. Miller
Date: Fri, 12 May 2017 16:02:18 +0000 (-0600)
Subject: Use debug logging instead of ignore_result() where possible.
X-Git-Tag: SUDO_1_8_21^2~81
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a842913aa7f0faa586f925775f11fbaa71095635;p=sudo
Use debug logging instead of ignore_result() where possible.
---
diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index 38388fedb..18543ff01 100644
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@@ -103,10 +103,20 @@ io_mkdirs(char *path)
 }
 if (ok) {
 if (S_ISDIR(sb.st_mode)) {
- if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid)
- ignore_result(chown(path, iolog_uid, iolog_gid));
- if ((sb.st_mode & ALLPERMS) != iolog_dirmode)
- ignore_result(chmod(path, iolog_dirmode));
+ if (sb.st_uid != iolog_uid || sb.st_gid != iolog_gid) {
+ if (chown(path, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, path);
+ }
+ }
+ if ((sb.st_mode & ALLPERMS) != iolog_dirmode) {
+ if (chmod(path, iolog_dirmode) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chmod 0%o %s", __func__,
+ (int)iolog_dirmode, path);
+ }
+ }
 } else {
 sudo_warnx(U_("%s exists but is not a directory (0%o)"), path, (unsigned int) sb.st_mode);
@@ -135,7 +145,11 @@ io_mkdirs(char *path)
 if (!ok) sudo_warn(U_("unable to mkdir %s"), path);
 } else {
- ignore_result(chown(path, iolog_uid, iolog_gid));
+ if (chown(path, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, path);
+ }
 }
 }
 if (uid_changed) {
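Review bot: In the first io_mkdirs() hunk the new chmod failure message passes `(int)iolog_dirmode` to `%o`, which takes an unsigned argument; the unchanged `sudo_warnx()` call a few lines below already casts the mode with `(unsigned int) sb.st_mode`. Use `(unsigned int)iolog_dirmode` here, and likewise `(unsigned int)sudoers_mode` in the install_sudoers() hunk in visudo.c. Separately, a failed chown/chmod on an existing I/O log directory now appears to be recorded only when debug logging is configured, so a directory left with an unexpected owner or mode is easy to miss; a short comment such as `/* Best effort: a failure is logged at debug level only. */` would make that choice explicit. The body of io_mkdirs() starts and ends outside the hunk.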
@@ -405,7 +419,11 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
 goto done;
 }
 sudo_lock_file(fd, SUDO_LOCK);
- ignore_result(fchown(fd, iolog_uid, iolog_gid));
+ if (fchown(fd, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to fchown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, pathbuf);
+ }
 /* * If there is no seq file in iolog_dir and a fallback dir was
@@ -421,7 +439,11 @@ io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
 if (len > 0 && (size_t)len < sizeof(fallback)) {
 int fd2 = io_open(fallback, O_RDWR|O_CREAT, iolog_filemode);
 if (fd2 != -1) {
- ignore_result(fchown(fd2, iolog_uid, iolog_gid));
+ if (fchown(fd2, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to fchown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, fallback);
+ }
 nread = read(fd2, buf, sizeof(buf) - 1);
 if (nread > 0) {
 if (buf[nread - 1] == '\n')
@@ -541,7 +563,11 @@ open_io_fd(char *pathbuf, size_t len, struct io_log_file *iol, bool docompress)
 if (iol->enabled) {
 int fd = io_open(pathbuf, O_CREAT|O_TRUNC|O_WRONLY, iolog_filemode);
 if (fd != -1) {
- ignore_result(fchown(fd, iolog_uid, iolog_gid));
+ if (fchown(fd, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to fchown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, pathbuf);
+ }
 (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
 #ifdef HAVE_ZLIB_H
 if (docompress)
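Review bot: In the open_io_fd() hunk the `fcntl(fd, F_SETFD, FD_CLOEXEC)` call directly after the new fchown check still discards its result with a `(void)` cast, the same kind of ignored return value this commit replaces with debug logging elsewhere. An I/O log descriptor that does not get close-on-exec may stay open across a later exec, so this failure is at least as worth recording as the ownership one. Suggested: `if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)` followed by the same `sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, ...)` form with `pathbuf`. open_io_fd() starts and ends outside the hunk.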
@@ -777,7 +803,11 @@ write_info_log(char *pathbuf, size_t len, struct iolog_details *details,
 log_warning(SLOG_SEND_MAIL, N_("unable to create %s"), pathbuf);
 debug_return_bool(false);
 }
- ignore_result(fchown(fd, iolog_uid, iolog_gid));
+ if (fchown(fd, iolog_uid, iolog_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to fchown %d:%d %s", __func__,
+ (int)iolog_uid, (int)iolog_gid, pathbuf);
+ }
 fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n%s", (long long)now->tv_sec, details->user ? details->user : "unknown", details->runas_pw->pw_name,
diff --git a/plugins/sudoers/mkdir_parents.c b/plugins/sudoers/mkdir_parents.c
index 335a35704..36e6ffb97 100644
--- a/plugins/sudoers/mkdir_parents.c
+++ b/plugins/sudoers/mkdir_parents.c
@@ -51,8 +51,13 @@ sudo_mkdir_parents(char *path, uid_t uid, gid_t gid, mode_t mode, bool quiet)
 "mkdir %s, mode 0%o, uid %d, gid %d", path, (unsigned int)mode, (int)uid, (int)gid);
 if (mkdir(path, mode) == 0) {
- if (uid != (uid_t)-1 && gid != (gid_t)-1)
- ignore_result(chown(path, uid, gid));
+ if (uid != (uid_t)-1 && gid != (gid_t)-1) {
+ if (chown(path, uid, gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chown %d:%d %s", __func__,
+ (int)uid, (int)gid, path);
+ }
+ }
 } else {
 if (errno != EEXIST) {
 if (!quiet)
diff --git a/plugins/sudoers/set_perms.c b/plugins/sudoers/set_perms.c
index 000f33f2c..20890a920 100644
--- a/plugins/sudoers/set_perms.c
+++ b/plugins/sudoers/set_perms.c
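Review bot: In sudo_mkdir_parents() (mkdir_parents.c) the guard `uid != (uid_t)-1 && gid != (gid_t)-1` skips chown() whenever either id is -1, although chown() treats -1 as "leave this id unchanged" for each argument separately. If a caller can pass only one real id, the new directory keeps the creator's ownership and nothing is logged; whether any caller does so is not visible in this hunk. If that case should be handled, the condition would be `if (uid != (uid_t)-1 || gid != (gid_t)-1) {`. The function body starts and ends outside the hunk.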
@@ -1181,8 +1181,13 @@ restore_perms(void)
 */
 if (OID(euid) == ROOT_UID) {
 /* setuid() may not set the saved ID unless the euid is ROOT_UID */
- if (ID(euid) != ROOT_UID)
- ignore_result(setreuid(-1, ROOT_UID));
+ if (ID(euid) != ROOT_UID) {
+ if (setreuid(-1, ROOT_UID) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "setreuid() [%d, %d] -> [-1, %d)", (int)state->ruid,
+ (int)state->euid, ROOT_UID);
+ }
+ }
 if (setuid(ROOT_UID)) {
 sudo_warn("setuid() [%d, %d] -> %d)", (int)state->ruid, (int)state->euid, ROOT_UID);
diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c
index 8c2b0c7bd..d0d73a947 100644
--- a/plugins/sudoers/timestamp.c
+++ b/plugins/sudoers/timestamp.c
@@ -170,7 +170,11 @@ ts_mkdirs(char *path, uid_t owner, gid_t group, mode_t mode,
 sudo_warn(U_("unable to mkdir %s"), path);
 ret = false;
 } else {
- ignore_result(chown(path, owner, group));
+ if (chown(path, owner, group) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chown %d:%d %s", __func__,
+ (int)owner, (int)group, path);
+ }
 }
 }
 umask(omask);
diff --git a/plugins/sudoers/visudo.c b/plugins/sudoers/visudo.c
index 3a4c8dca4..e9254ab92 100644
--- a/plugins/sudoers/visudo.c
+++ b/plugins/sudoers/visudo.c
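Review bot: In the restore_perms() hunk (set_perms.c) the new debug message `"setreuid() [%d, %d] -> [-1, %d)"` closes its second bracket with `)` and, unlike the other messages added in this commit, carries no `%s:` / `__func__` prefix. Suggested first line of the arguments: `"%s: setreuid() [%d, %d] -> [-1, %d]", __func__, (int)state->ruid,`. Because this failure is only debug-logged, the `setuid(ROOT_UID)` check that follows is the only visible place where a failure to regain root is reported to the user; a one-line comment stating that the setreuid() call is best-effort ahead of that check would make the privilege-restore path easier to audit. The function continues outside the hunk.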
@@ -697,10 +697,20 @@ install_sudoers(struct sudoersfile *sp, bool oldperms)
 */
 (void) unlink(sp->tpath);
 if (!oldperms && fstat(sp->fd, &sb) != -1) {
- if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid)
- ignore_result(chown(sp->path, sudoers_uid, sudoers_gid));
- if ((sb.st_mode & ACCESSPERMS) != sudoers_mode)
- ignore_result(chmod(sp->path, sudoers_mode));
+ if (sb.st_uid != sudoers_uid || sb.st_gid != sudoers_gid) {
+ if (chown(sp->path, sudoers_uid, sudoers_gid) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chown %d:%d %s", __func__,
+ (int)sudoers_uid, (int)sudoers_gid, sp->path);
+ }
+ }
+ if ((sb.st_mode & ACCESSPERMS) != sudoers_mode) {
+ if (chmod(sp->path, sudoers_mode) != 0) {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+ "%s: unable to chmod 0%o %s", __func__,
+ (int)sudoers_mode, sp->path);
+ }
+ }
 }
 ret = true;
 goto done;
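Review bot: In install_sudoers() the owner and mode are read with `fstat(sp->fd, &sb)` but corrected by name with `chown(sp->path, ...)` and `chmod(sp->path, ...)`, so the check and the fix are not guaranteed to act on the same file if the path is replaced in between. Since a descriptor is already open, `fchown(sp->fd, sudoers_uid, sudoers_gid)` and `fchmod(sp->fd, sudoers_mode)` would tie both operations to the object that was inspected, assuming sp->fd still refers to sp->path at this point, which the hunk does not show. A failure here is also only debug-logged and the code still reaches `ret = true`, so the tool appears to report success with the sudoers file left at the wrong owner or mode; a `sudo_warn()` may fit this path better. The function body starts and ends outside the hunk.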