From 1025a2ec062047778fa2e267a036970c89d3c5ca Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Tue, 15 Jun 2010 16:11:25 -0400 Subject: [PATCH] Add -f (filter) option to sudoreplay to allow certain streams to be replayed and others ignored. --- doc/sudoreplay.cat | 84 ++++++++++++++++++------------------ doc/sudoreplay.man.in | 11 ++++- doc/sudoreplay.pod | 10 ++++- plugins/sudoers/sudoreplay.c | 38 +++++++++++----- 4 files changed, 87 insertions(+), 56 deletions(-) diff --git a/doc/sudoreplay.cat b/doc/sudoreplay.cat index ccc48c396..67eea2fef 100644 --- a/doc/sudoreplay.cat +++ b/doc/sudoreplay.cat @@ -8,7 +8,8 @@ NNAAMMEE sudoreplay - replay sudo session logs SSYYNNOOPPSSIISS - ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] [--mm _m_a_x___w_a_i_t] [--ss _s_p_e_e_d___f_a_c_t_o_r] ID + ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] [--ff _f_i_l_t_e_r] [--mm _m_a_x___w_a_i_t] [--ss _s_p_e_e_d___f_a_c_t_o_r] + ID ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] -l [search expression] @@ -40,6 +41,12 @@ OOPPTTIIOONNSS Use _d_i_r_e_c_t_o_r_y to for the session logs instead of the default, _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o. + -f _f_i_l_t_e_r By default, ssuuddoorreeppllaayy will play back the command's + standard output, standard error and tty output. The _-_f + option can be used to select which of these to output. The + _f_i_l_t_e_r argument is a comma-separated list, consisting of + one or more of following: _s_t_d_o_u_t, _s_t_d_e_r_r, and _t_t_y_o_u_t. + -l Enable "list mode". In this mode, ssuuddoorreeppllaayy will list available session IDs. If a _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is specified, it will be used to restrict the IDs that are 
@@ -51,24 +58,24 @@ OOPPTTIIOONNSS _c_o_m_m_a_n_d _p_a_t_t_e_r_n. On systems with POSIX regular expression support, the pattern may be an extended regular expression. On systems without POSIX - regular expression support, a simple substring - match is performed instead. - cwd _d_i_r_e_c_t_o_r_y - Evaluates to true if the command was run with the - specified current working directory. +1.8.0b1 June 15, 2010 1 -1.8.0b1 June 11, 2010 1 +SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) -SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) + regular expression support, a simple substring + match is performed instead. + cwd _d_i_r_e_c_t_o_r_y + Evaluates to true if the command was run with the + specified current working directory. fromdate _d_a_t_e Evaluates to true if the command was run on or @@ -117,17 +124,10 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) session includes long pauses. When the _-_m option is specified, ssuuddoorreeppllaayy will limit these pauses to at most _m_a_x___w_a_i_t seconds. The value may be specified as a floating - point number, .e.g. _2_._5. - -s _s_p_e_e_d___f_a_c_t_o_r - This option causes ssuuddoorreeppllaayy to adjust the number of - seconds it will wait between key presses or program output. - This can be used to slow down or speed up the display. For - example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as - -1.8.0b1 June 11, 2010 2 +1.8.0b1 June 15, 2010 2 @@ -136,6 +136,13 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) + point number, .e.g. _2_._5. + + -s _s_p_e_e_d___f_a_c_t_o_r + This option causes ssuuddoorreeppllaayy to adjust the number of + seconds it will wait between key presses or program output. + This can be used to slow down or speed up the display. For + example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as fast whereas a _s_p_e_e_d___f_a_c_t_o_r of <.5> would make the output twice as slow. 
@@ -182,18 +189,11 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) next Friday The first second of the next Friday. - this week - The current time but the first day of the coming week. - - a fortnight ago - The current time but 14 days ago. - 10:01 am 9/17/2009 - 10:01 am, September 17, 2009. -1.8.0b1 June 11, 2010 3 +1.8.0b1 June 15, 2010 3 @@ -202,6 +202,15 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) + this week + The current time but the first day of the coming week. + + a fortnight ago + The current time but 14 days ago. + + 10:01 am 9/17/2009 + 10:01 am, September 17, 2009. + 10:01 am 10:01 am on the current day. @@ -247,26 +256,27 @@ EEXXAAMMPPLLEESS List sessions run by user _b_o_b with a command containing the string vi: - sudoreplay -l user bob command vi - List sessions run by user _j_e_f_f that match a regular expression: - sudoreplay -l user jeff command '/bin/[a-z]*sh' - List sessions run by jeff or bob on the console: +1.8.0b1 June 15, 2010 4 - sudoreplay -l ( user jeff or user bob ) tty console -1.8.0b1 June 11, 2010 4 +SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) + sudoreplay -l user bob command vi + List sessions run by user _j_e_f_f that match a regular expression: -SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m) + sudoreplay -l user jeff command '/bin/[a-z]*sh' + + List sessions run by jeff or bob on the console: + sudoreplay -l ( user jeff or user bob ) tty console SSEEEE AALLSSOO _s_u_d_o(1m), _s_c_r_i_p_t(1) @@ -315,16 +325,6 @@ DDIISSCCLLAAIIMMEERR - - - - - - - - - - -1.8.0b1 June 11, 2010 5 +1.8.0b1 June 15, 2010 5 diff --git a/doc/sudoreplay.man.in b/doc/sudoreplay.man.in index 222dd1f03..94bf2ff8e 100644 --- a/doc/sudoreplay.man.in +++ b/doc/sudoreplay.man.in 
@@ -139,7 +139,7 @@ .\" ======================================================================== .\" .IX Title "SUDOREPLAY @mansectsu@" -.TH SUDOREPLAY @mansectsu@ "June 11, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" +.TH SUDOREPLAY @mansectsu@ "June 15, 2010" "1.8.0b1" "MAINTENANCE COMMANDS" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,7 +148,7 @@ sudoreplay \- replay sudo session logs .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBsudoreplay\fR [\fB\-d\fR \fIdirectory\fR] [\fB\-m\fR \fImax_wait\fR] [\fB\-s\fR \fIspeed_factor\fR] \s-1ID\s0 +\&\fBsudoreplay\fR [\fB\-d\fR \fIdirectory\fR] [\fB\-f\fR \fIfilter\fR] [\fB\-m\fR \fImax_wait\fR] [\fB\-s\fR \fIspeed_factor\fR] \s-1ID\s0 .PP \&\fBsudoreplay\fR [\fB\-d\fR \fIdirectory\fR] \-l [search expression] .SH "DESCRIPTION" @@ -180,6 +180,13 @@ Double the playback speed. .IX Item "-d directory" Use \fIdirectory\fR to for the session logs instead of the default, \&\fI/var/log/sudo\-io\fR. +.IP "\-f \fIfilter\fR" 12 +.IX Item "-f filter" +By default, \fBsudoreplay\fR will play back the command's standard +output, standard error and tty output. The \fI\-f\fR option can be +used to select which of these to output. The \fIfilter\fR argument +is a comma-separated list, consisting of one or more of following: +\&\fIstdout\fR, \fIstderr\fR, and \fIttyout\fR. .IP "\-l" 12 .IX Item "-l" Enable \*(L"list mode\*(R". In this mode, \fBsudoreplay\fR will list available diff --git a/doc/sudoreplay.pod b/doc/sudoreplay.pod index 568de5ce1..c36f9133e 100644 --- a/doc/sudoreplay.pod +++ b/doc/sudoreplay.pod @@ -21,7 +21,7 @@ sudoreplay - replay sudo session logs =head1 SYNOPSIS -B [B<-d> I] [B<-m> I] [B<-s> I] ID +B [B<-d> I] [B<-f> I] [B<-m> I] [B<-s> I] ID B [B<-d> I] -l [search expression] 
@@ -68,6 +68,14 @@ B accepts the following command line options: Use I to for the session logs instead of the default, F. +=item -f I + +By default, B will play back the command's standard +output, standard error and tty output. The I<-f> option can be +used to select which of these to output. The I argument +is a comma-separated list, consisting of one or more of following: +I, I, and I. + =item -l Enable "list mode". In this mode, B will list available diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index acce39a68..1e41816a0 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -97,6 +97,10 @@ #define IOFD_TIMING 5 #define IOFD_MAX 6 +/* Bitmap of iofds to be replayed */ +unsigned int replay_filter = (1 << IOFD_STDOUT) | (1 << IOFD_STDERR) | + (1 << IOFD_TTYOUT); + /* For getopt(3) */ extern char *optarg; extern int optind; @@ -216,11 +220,25 @@ main(int argc, char *argv[]) setprogname(argc > 0 ? argv[0] : "sudoreplay"); #endif - while ((ch = getopt(argc, argv, "d:lm:s:V")) != -1) { + while ((ch = getopt(argc, argv, "d:f:lm:s:V")) != -1) { switch(ch) { case 'd': session_dir = optarg; break; + case 'f': + /* Set the replay filter. */ + replay_filter = 0; + for (cp = strtok(optarg, ","); cp; cp = strtok(NULL, ",")) { + if (strcmp(cp, "stdout") == 0) + SET(replay_filter, 1 << IOFD_STDOUT); + else if (strcmp(cp, "stderr") == 0) + SET(replay_filter, 1 << IOFD_STDERR); + else if (strcmp(cp, "ttyout") == 0) + SET(replay_filter, 1 << IOFD_TTYOUT); + else + errorx(1, "invalid filter option: %s", optarg); + } + break; case 'l': listonly = 1; break; 
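Review bot: The new file-scope `replay_filter` in the `@@ -97,6 +97,10 @@` hunk has external linkage, although every use visible in this patch is inside sudoreplay.c. If no other translation unit needs it, declare it `static unsigned int replay_filter = ...;` so the symbol cannot collide with or be modified from elsewhere. The one-line comment could also say that bit N corresponds to `IOFD_*` index N, for example `/* Bitmap of iofds to be replayed; bit (1 << IOFD_x) selects stream x */`.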
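Review bot: The `errorx()` call in the new `case 'f':` branch prints `optarg`, but `strtok()` has already overwritten the first comma with a NUL, so the message shows the first token rather than the rejected one; `-f stdout,bogus` would report `stdout` as invalid. Passing the current token fixes it: `errorx(1, "invalid filter option: %s", cp);`. Separately, an argument that yields no tokens (an empty string or only commas) leaves `replay_filter` at 0, and the replay then produces no output and no diagnostic; a check after the loop that rejects an empty filter would make that case explicit. The declaration of `cp` and the rest of `main()` lie outside this hunk.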
@@ -266,14 +284,13 @@ main(int argc, char *argv[]) id, &id[2], &id[4], strerror(ENAMETOOLONG)); plen -= 7; - /* Open files for replay */ + /* Open files for replay, applying replay filter for the -f flag. */ for (idx = 0; idx < IOFD_MAX; idx++) { - /* Don't support replaying input. */ - if (idx == IOFD_STDIN || idx == IOFD_TTYIN) - continue; - io_fds[idx].v = open_io_fd(path, plen, io_fnames[idx]); - if (io_fds[idx].v == NULL) - error(1, "unable to open %s", path); + if (ISSET(replay_filter, 1 << idx) || idx == IOFD_TIMING) { + io_fds[idx].v = open_io_fd(path, plen, io_fnames[idx]); + if (io_fds[idx].v == NULL) + error(1, "unable to open %s", path); + } } /* Read log file. */ @@ -352,12 +369,11 @@ main(int argc, char *argv[]) to_wait = max_wait; delay(to_wait); - /* We don't replay input (but we still have to delay). */ - if (idx == IOFD_STDIN || idx == IOFD_TTYIN) + /* Even if we are not relaying, we still have to delay. */ + if (io_fds[idx].v == NULL) continue; /* All output is sent to stdout. */ - /* XXX - add flags to allow use to select which ones */ while (nbytes != 0) { if (nbytes > sizeof(buf)) len = sizeof(buf); -- 2.40.0
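Review bot: In the `@@ -266,14 +284,13 @@` hunk the explicit `IOFD_STDIN`/`IOFD_TTYIN` skip is removed, so input logs are now kept out of the replay only because the `-f` parser never sets those two bits in `replay_filter`. That invariant is easy to break if a later change adds filter keywords, so it is worth stating at the loop, for example `/* replay_filter never has IOFD_STDIN or IOFD_TTYIN set, so input logs are not opened or replayed. */`. The loop is inside `main()`, whose body extends beyond the hunk.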
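Review bot: The new `if (io_fds[idx].v == NULL)` test in the `@@ -352,12 +369,11 @@` hunk relies on two things the hunk does not show: that `idx` is within `0..IOFD_MAX-1`, and that entries of `io_fds` that were never opened start out NULL. `idx` is presumably parsed from the timing file earlier in this loop, so a malformed or tampered log could index past the array unless it is range-checked first. If no such check exists above, add one before the lookup, for example `if (idx < 0 || idx >= IOFD_MAX) errorx(1, "invalid timing file index: %d", idx);` (message text is a suggestion, and the format assumes `idx` is an `int`). The added comment also says "relaying" where "replaying" is meant.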