Annotation of embedaddon/sudo/plugins/sudoers/iolog.c, revision 1.1.1.3
1.1 misho 1: /*
2: * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
3: *
4: * Permission to use, copy, modify, and distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
7: *
8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15: */
16:
17: #include <config.h>
18:
19: #include <sys/types.h>
20: #include <sys/param.h>
21: #include <sys/stat.h>
22: #include <sys/time.h>
23: #include <stdio.h>
24: #ifdef STDC_HEADERS
25: # include <stdlib.h>
26: # include <stddef.h>
27: #else
28: # ifdef HAVE_STDLIB_H
29: # include <stdlib.h>
30: # endif
31: #endif /* STDC_HEADERS */
32: #ifdef HAVE_STRING_H
33: # include <string.h>
34: #endif /* HAVE_STRING_H */
35: #ifdef HAVE_STRINGS_H
36: # include <strings.h>
37: #endif /* HAVE_STRINGS_H */
38: #ifdef HAVE_UNISTD_H
39: # include <unistd.h>
40: #endif /* HAVE_UNISTD_H */
41: #if TIME_WITH_SYS_TIME
42: # include <time.h>
43: #endif
44: #include <errno.h>
45: #include <fcntl.h>
46: #include <signal.h>
47: #include <setjmp.h>
48: #include <pwd.h>
49: #include <grp.h>
50: #ifdef HAVE_ZLIB_H
51: # include <zlib.h>
52: #endif
53:
54: #include "sudoers.h"
55:
56: /* plugin_error.c */
57: extern sigjmp_buf error_jmp;
58:
59: union io_fd {
60: FILE *f;
61: #ifdef HAVE_ZLIB_H
62: gzFile g;
63: #endif
64: void *v;
65: };
66:
67: struct script_buf {
68: int len; /* buffer length (how much read in) */
69: int off; /* write position (how much already consumed) */
70: char buf[16 * 1024];
71: };
72:
73: /* XXX - separate sudoers.h and iolog.h? */
74: #undef runas_pw
75: #undef runas_gr
76:
77: struct iolog_details {
78: const char *cwd;
79: const char *tty;
80: const char *user;
81: const char *command;
82: const char *iolog_path;
83: struct passwd *runas_pw;
84: struct group *runas_gr;
85: int iolog_stdin;
86: int iolog_stdout;
87: int iolog_stderr;
88: int iolog_ttyin;
89: int iolog_ttyout;
90: };
91:
92: #define IOFD_STDIN 0
93: #define IOFD_STDOUT 1
94: #define IOFD_STDERR 2
95: #define IOFD_TTYIN 3
96: #define IOFD_TTYOUT 4
97: #define IOFD_TIMING 5
98: #define IOFD_MAX 6
99:
100: #define SESSID_MAX 2176782336U
101:
102: static int iolog_compress;
103: static struct timeval last_time;
104: static union io_fd io_fds[IOFD_MAX];
105: extern struct io_plugin sudoers_io;
106:
107: /*
108: * Create parent directories for path as needed, but not path itself.
109: */
110: static void
111: mkdir_parents(char *path)
112: {
113: struct stat sb;
114: char *slash = path;
1.1.1.2 misho 115: debug_decl(mkdir_parents, SUDO_DEBUG_UTIL)
1.1 misho 116:
117: for (;;) {
118: if ((slash = strchr(slash + 1, '/')) == NULL)
119: break;
120: *slash = '\0';
121: if (stat(path, &sb) != 0) {
122: if (mkdir(path, S_IRWXU) != 0)
1.1.1.2 misho 123: log_fatal(USE_ERRNO, _("unable to mkdir %s"), path);
1.1 misho 124: } else if (!S_ISDIR(sb.st_mode)) {
1.1.1.2 misho 125: log_fatal(0, _("%s: %s"), path, strerror(ENOTDIR));
1.1 misho 126: }
127: *slash = '/';
128: }
1.1.1.2 misho 129: debug_return;
1.1 misho 130: }
131:
132: /*
133: * Read the on-disk sequence number, set sessid to the next
134: * number, and update the on-disk copy.
135: * Uses file locking to avoid sequence number collisions.
136: */
137: void
1.1.1.3 ! misho 138: io_nextid(char *iolog_dir, char *iolog_dir_fallback, char sessid[7])
1.1 misho 139: {
140: struct stat sb;
141: char buf[32], *ep;
142: int fd, i;
143: unsigned long id = 0;
144: int len;
145: ssize_t nread;
146: char pathbuf[PATH_MAX];
147: static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
1.1.1.2 misho 148: debug_decl(io_nextid, SUDO_DEBUG_UTIL)
1.1 misho 149:
150: /*
151: * Create I/O log directory if it doesn't already exist.
152: */
153: mkdir_parents(iolog_dir);
154: if (stat(iolog_dir, &sb) != 0) {
155: if (mkdir(iolog_dir, S_IRWXU) != 0)
1.1.1.2 misho 156: log_fatal(USE_ERRNO, _("unable to mkdir %s"), iolog_dir);
1.1 misho 157: } else if (!S_ISDIR(sb.st_mode)) {
1.1.1.2 misho 158: log_fatal(0, _("%s exists but is not a directory (0%o)"),
1.1 misho 159: iolog_dir, (unsigned int) sb.st_mode);
160: }
161:
162: /*
163: * Open sequence file
164: */
165: len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir);
166: if (len <= 0 || len >= sizeof(pathbuf)) {
167: errno = ENAMETOOLONG;
1.1.1.2 misho 168: log_fatal(USE_ERRNO, "%s/seq", pathbuf);
1.1 misho 169: }
170: fd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
171: if (fd == -1)
1.1.1.2 misho 172: log_fatal(USE_ERRNO, _("unable to open %s"), pathbuf);
1.1 misho 173: lock_file(fd, SUDO_LOCK);
174:
1.1.1.3 ! misho 175: /*
! 176: * If there is no seq file in iolog_dir and a fallback dir was
! 177: * specified, look for seq in the fallback dir. This is to work
! 178: * around a bug in sudo 1.8.5 and older where iolog_dir was not
! 179: * expanded before the sequence number was updated.
! 180: */
! 181: if (iolog_dir_fallback != NULL && fstat(fd, &sb) == 0 && sb.st_size == 0) {
! 182: char fallback[PATH_MAX];
! 183:
! 184: len = snprintf(fallback, sizeof(fallback), "%s/seq",
! 185: iolog_dir_fallback);
! 186: if (len > 0 && len < sizeof(fallback)) {
! 187: int fd2 = open(fallback, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
! 188: if (fd2 != -1) {
! 189: nread = read(fd2, buf, sizeof(buf));
! 190: if (nread > 0) {
! 191: id = strtoul(buf, &ep, 36);
! 192: if (buf == ep || id >= SESSID_MAX)
! 193: id = 0;
! 194: }
! 195: close(fd2);
! 196: }
! 197: }
! 198: }
! 199:
! 200: /* Read current seq number (base 36). */
! 201: if (id == 0) {
! 202: nread = read(fd, buf, sizeof(buf));
! 203: if (nread != 0) {
! 204: if (nread == -1)
! 205: log_fatal(USE_ERRNO, _("unable to read %s"), pathbuf);
! 206: id = strtoul(buf, &ep, 36);
! 207: if (buf == ep || id >= SESSID_MAX)
! 208: log_fatal(0, _("invalid sequence number %s"), pathbuf);
! 209: }
1.1 misho 210: }
211: id++;
212:
213: /*
214: * Convert id to a string and stash in sessid.
215: * Note that that least significant digits go at the end of the string.
216: */
217: for (i = 5; i >= 0; i--) {
218: buf[i] = b36char[id % 36];
219: id /= 36;
220: }
221: buf[6] = '\n';
222:
1.1.1.2 misho 223: /* Stash id for logging purposes. */
1.1 misho 224: memcpy(sessid, buf, 6);
225: sessid[6] = '\0';
226:
227: /* Rewind and overwrite old seq file. */
1.1.1.3 ! misho 228: if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7)
1.1.1.2 misho 229: log_fatal(USE_ERRNO, _("unable to write to %s"), pathbuf);
1.1 misho 230: close(fd);
1.1.1.2 misho 231:
232: debug_return;
1.1 misho 233: }
234:
235: /*
236: * Copy iolog_path to pathbuf and create the directory and any intermediate
237: * directories. If iolog_path ends in 'XXXXXX', use mkdtemp().
238: */
239: static size_t
240: mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize)
241: {
242: size_t len;
1.1.1.2 misho 243: debug_decl(mkdir_iopath, SUDO_DEBUG_UTIL)
1.1 misho 244:
245: len = strlcpy(pathbuf, iolog_path, pathsize);
246: if (len >= pathsize) {
247: errno = ENAMETOOLONG;
1.1.1.2 misho 248: log_fatal(USE_ERRNO, "%s", iolog_path);
1.1 misho 249: }
250:
251: /*
252: * Create path and intermediate subdirs as needed.
253: * If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp().
254: */
255: mkdir_parents(pathbuf);
256: if (len >= 6 && strcmp(&pathbuf[len - 6], "XXXXXX") == 0) {
257: if (mkdtemp(pathbuf) == NULL)
1.1.1.2 misho 258: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 259: } else {
260: if (mkdir(pathbuf, S_IRWXU) != 0)
1.1.1.2 misho 261: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 262: }
263:
1.1.1.2 misho 264: debug_return_size_t(len);
1.1 misho 265: }
266:
267: /*
268: * Append suffix to pathbuf after len chars and open the resulting file.
269: * Note that the size of pathbuf is assumed to be PATH_MAX.
1.1.1.2 misho 270: * Uses zlib if docompress is true.
1.1 misho 271: * Returns the open file handle which has the close-on-exec flag set.
272: */
273: static void *
1.1.1.2 misho 274: open_io_fd(char *pathbuf, size_t len, const char *suffix, bool docompress)
1.1 misho 275: {
276: void *vfd = NULL;
277: int fd;
1.1.1.2 misho 278: debug_decl(open_io_fd, SUDO_DEBUG_UTIL)
1.1 misho 279:
280: pathbuf[len] = '\0';
281: strlcat(pathbuf, suffix, PATH_MAX);
282: fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
283: if (fd != -1) {
284: fcntl(fd, F_SETFD, FD_CLOEXEC);
285: #ifdef HAVE_ZLIB_H
286: if (docompress)
287: vfd = gzdopen(fd, "w");
288: else
289: #endif
290: vfd = fdopen(fd, "w");
291: }
1.1.1.2 misho 292: debug_return_ptr(vfd);
1.1 misho 293: }
294:
295: /*
296: * Pull out I/O log related data from user_info and command_info arrays.
297: */
298: static void
299: iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
300: char * const command_info[])
301: {
302: const char *runas_uid_str = "0", *runas_euid_str = NULL;
303: const char *runas_gid_str = "0", *runas_egid_str = NULL;
304: char id[MAX_UID_T_LEN + 2], *ep;
305: char * const *cur;
306: unsigned long ulval;
307: uid_t runas_uid = 0;
308: gid_t runas_gid = 0;
1.1.1.2 misho 309: debug_decl(iolog_deserialize_info, SUDO_DEBUG_UTIL)
1.1 misho 310:
311: memset(details, 0, sizeof(*details));
312:
313: for (cur = user_info; *cur != NULL; cur++) {
314: switch (**cur) {
315: case 'c':
316: if (strncmp(*cur, "cwd=", sizeof("cwd=") - 1) == 0) {
317: details->cwd = *cur + sizeof("cwd=") - 1;
318: continue;
319: }
320: break;
321: case 't':
322: if (strncmp(*cur, "tty=", sizeof("tty=") - 1) == 0) {
323: details->tty = *cur + sizeof("tty=") - 1;
324: continue;
325: }
326: break;
327: case 'u':
328: if (strncmp(*cur, "user=", sizeof("user=") - 1) == 0) {
329: details->user = *cur + sizeof("user=") - 1;
330: continue;
331: }
332: break;
333: }
334: }
335:
336: for (cur = command_info; *cur != NULL; cur++) {
337: switch (**cur) {
338: case 'c':
339: if (strncmp(*cur, "command=", sizeof("command=") - 1) == 0) {
340: details->command = *cur + sizeof("command=") - 1;
341: continue;
342: }
343: break;
344: case 'i':
345: if (strncmp(*cur, "iolog_path=", sizeof("iolog_path=") - 1) == 0) {
346: details->iolog_path = *cur + sizeof("iolog_path=") - 1;
347: continue;
348: }
349: if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) {
1.1.1.2 misho 350: if (atobool(*cur + sizeof("iolog_stdin=") - 1) == true)
351: details->iolog_stdin = true;
1.1 misho 352: continue;
353: }
354: if (strncmp(*cur, "iolog_stdout=", sizeof("iolog_stdout=") - 1) == 0) {
1.1.1.2 misho 355: if (atobool(*cur + sizeof("iolog_stdout=") - 1) == true)
356: details->iolog_stdout = true;
1.1 misho 357: continue;
358: }
359: if (strncmp(*cur, "iolog_stderr=", sizeof("iolog_stderr=") - 1) == 0) {
1.1.1.2 misho 360: if (atobool(*cur + sizeof("iolog_stderr=") - 1) == true)
361: details->iolog_stderr = true;
1.1 misho 362: continue;
363: }
364: if (strncmp(*cur, "iolog_ttyin=", sizeof("iolog_ttyin=") - 1) == 0) {
1.1.1.2 misho 365: if (atobool(*cur + sizeof("iolog_ttyin=") - 1) == true)
366: details->iolog_ttyin = true;
1.1 misho 367: continue;
368: }
369: if (strncmp(*cur, "iolog_ttyout=", sizeof("iolog_ttyout=") - 1) == 0) {
1.1.1.2 misho 370: if (atobool(*cur + sizeof("iolog_ttyout=") - 1) == true)
371: details->iolog_ttyout = true;
1.1 misho 372: continue;
373: }
374: if (strncmp(*cur, "iolog_compress=", sizeof("iolog_compress=") - 1) == 0) {
1.1.1.2 misho 375: if (atobool(*cur + sizeof("iolog_compress=") - 1) == true)
376: iolog_compress = true; /* must be global */
1.1 misho 377: continue;
378: }
379: break;
380: case 'r':
381: if (strncmp(*cur, "runas_gid=", sizeof("runas_gid=") - 1) == 0) {
382: runas_gid_str = *cur + sizeof("runas_gid=") - 1;
383: continue;
384: }
385: if (strncmp(*cur, "runas_egid=", sizeof("runas_egid=") - 1) == 0) {
386: runas_egid_str = *cur + sizeof("runas_egid=") - 1;
387: continue;
388: }
389: if (strncmp(*cur, "runas_uid=", sizeof("runas_uid=") - 1) == 0) {
390: runas_uid_str = *cur + sizeof("runas_uid=") - 1;
391: continue;
392: }
393: if (strncmp(*cur, "runas_euid=", sizeof("runas_euid=") - 1) == 0) {
394: runas_euid_str = *cur + sizeof("runas_euid=") - 1;
395: continue;
396: }
397: break;
398: }
399: }
400:
401: /*
402: * Lookup runas user and group, preferring effective over real uid/gid.
403: */
404: if (runas_euid_str != NULL)
405: runas_uid_str = runas_euid_str;
406: if (runas_uid_str != NULL) {
407: errno = 0;
408: ulval = strtoul(runas_uid_str, &ep, 0);
409: if (*runas_uid_str != '\0' && *ep == '\0' &&
410: (errno != ERANGE || ulval != ULONG_MAX)) {
411: runas_uid = (uid_t)ulval;
412: }
413: }
414: if (runas_egid_str != NULL)
415: runas_gid_str = runas_egid_str;
416: if (runas_gid_str != NULL) {
417: errno = 0;
418: ulval = strtoul(runas_gid_str, &ep, 0);
419: if (*runas_gid_str != '\0' && *ep == '\0' &&
420: (errno != ERANGE || ulval != ULONG_MAX)) {
421: runas_gid = (gid_t)ulval;
422: }
423: }
424:
425: details->runas_pw = sudo_getpwuid(runas_uid);
426: if (details->runas_pw == NULL) {
427: id[0] = '#';
428: strlcpy(&id[1], runas_uid_str, sizeof(id) - 1);
429: details->runas_pw = sudo_fakepwnam(id, runas_gid);
430: }
431:
432: if (runas_gid != details->runas_pw->pw_gid) {
433: details->runas_gr = sudo_getgrgid(runas_gid);
434: if (details->runas_gr == NULL) {
435: id[0] = '#';
436: strlcpy(&id[1], runas_gid_str, sizeof(id) - 1);
437: details->runas_gr = sudo_fakegrnam(id);
438: }
439: }
1.1.1.2 misho 440: debug_return;
1.1 misho 441: }
442:
443: static int
444: sudoers_io_open(unsigned int version, sudo_conv_t conversation,
445: sudo_printf_t plugin_printf, char * const settings[],
446: char * const user_info[], char * const command_info[],
1.1.1.2 misho 447: int argc, char * const argv[], char * const user_env[], char * const args[])
1.1 misho 448: {
449: struct iolog_details details;
450: char pathbuf[PATH_MAX], sessid[7];
451: char *tofree = NULL;
452: char * const *cur;
1.1.1.2 misho 453: const char *debug_flags = NULL;
1.1 misho 454: FILE *io_logfile;
455: size_t len;
456: int rval = -1;
1.1.1.2 misho 457: debug_decl(sudoers_io_open, SUDO_DEBUG_PLUGIN)
1.1 misho 458:
459: if (!sudo_conv)
460: sudo_conv = conversation;
461: if (!sudo_printf)
462: sudo_printf = plugin_printf;
463:
464: /* If we have no command (because -V was specified) just return. */
465: if (argc == 0)
1.1.1.2 misho 466: debug_return_bool(true);
1.1 misho 467:
468: if (sigsetjmp(error_jmp, 1)) {
1.1.1.2 misho 469: /* called via error(), errorx() or log_fatal() */
1.1 misho 470: rval = -1;
471: goto done;
472: }
473:
474: bindtextdomain("sudoers", LOCALEDIR);
475:
476: sudo_setpwent();
477: sudo_setgrent();
478:
479: /*
1.1.1.2 misho 480: * Check for debug flags in settings list.
481: */
482: for (cur = settings; *cur != NULL; cur++) {
483: if (strncmp(*cur, "debug_flags=", sizeof("debug_flags=") - 1) == 0)
484: debug_flags = *cur + sizeof("debug_flags=") - 1;
485: }
486: if (debug_flags != NULL)
487: sudo_debug_init(NULL, debug_flags);
488:
489: /*
1.1 misho 490: * Pull iolog settings out of command_info, if any.
491: */
492: iolog_deserialize_info(&details, user_info, command_info);
493: /* Did policy module disable I/O logging? */
494: if (!details.iolog_stdin && !details.iolog_ttyin &&
495: !details.iolog_stdout && !details.iolog_stderr &&
496: !details.iolog_ttyout) {
1.1.1.2 misho 497: rval = false;
1.1 misho 498: goto done;
499: }
500:
501: /* If no I/O log path defined we need to figure it out ourselves. */
502: if (details.iolog_path == NULL) {
503: /* Get next session ID and convert it into a path. */
504: tofree = emalloc(sizeof(_PATH_SUDO_IO_LOGDIR) + sizeof(sessid) + 2);
505: memcpy(tofree, _PATH_SUDO_IO_LOGDIR, sizeof(_PATH_SUDO_IO_LOGDIR));
1.1.1.3 ! misho 506: io_nextid(tofree, NULL, sessid);
1.1 misho 507: snprintf(tofree + sizeof(_PATH_SUDO_IO_LOGDIR), sizeof(sessid) + 2,
508: "%c%c/%c%c/%c%c", sessid[0], sessid[1], sessid[2], sessid[3],
509: sessid[4], sessid[5]);
510: details.iolog_path = tofree;
511: }
512:
513: /*
514: * Make local copy of I/O log path and create it, along with any
515: * intermediate subdirs. Calls mkdtemp() if iolog_path ends in XXXXXX.
516: */
517: len = mkdir_iopath(details.iolog_path, pathbuf, sizeof(pathbuf));
518: if (len >= sizeof(pathbuf))
519: goto done;
520:
521: /*
522: * We create 7 files: a log file, a timing file and 5 for input/output.
523: */
1.1.1.2 misho 524: io_logfile = open_io_fd(pathbuf, len, "/log", false);
1.1 misho 525: if (io_logfile == NULL)
1.1.1.2 misho 526: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 527:
528: io_fds[IOFD_TIMING].v = open_io_fd(pathbuf, len, "/timing",
529: iolog_compress);
530: if (io_fds[IOFD_TIMING].v == NULL)
1.1.1.2 misho 531: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 532:
533: if (details.iolog_ttyin) {
534: io_fds[IOFD_TTYIN].v = open_io_fd(pathbuf, len, "/ttyin",
535: iolog_compress);
536: if (io_fds[IOFD_TTYIN].v == NULL)
1.1.1.2 misho 537: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 538: } else {
539: sudoers_io.log_ttyin = NULL;
540: }
541: if (details.iolog_stdin) {
542: io_fds[IOFD_STDIN].v = open_io_fd(pathbuf, len, "/stdin",
543: iolog_compress);
544: if (io_fds[IOFD_STDIN].v == NULL)
1.1.1.2 misho 545: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 546: } else {
547: sudoers_io.log_stdin = NULL;
548: }
549: if (details.iolog_ttyout) {
550: io_fds[IOFD_TTYOUT].v = open_io_fd(pathbuf, len, "/ttyout",
551: iolog_compress);
552: if (io_fds[IOFD_TTYOUT].v == NULL)
1.1.1.2 misho 553: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 554: } else {
555: sudoers_io.log_ttyout = NULL;
556: }
557: if (details.iolog_stdout) {
558: io_fds[IOFD_STDOUT].v = open_io_fd(pathbuf, len, "/stdout",
559: iolog_compress);
560: if (io_fds[IOFD_STDOUT].v == NULL)
1.1.1.2 misho 561: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 562: } else {
563: sudoers_io.log_stdout = NULL;
564: }
565: if (details.iolog_stderr) {
566: io_fds[IOFD_STDERR].v = open_io_fd(pathbuf, len, "/stderr",
567: iolog_compress);
568: if (io_fds[IOFD_STDERR].v == NULL)
1.1.1.2 misho 569: log_fatal(USE_ERRNO, _("unable to create %s"), pathbuf);
1.1 misho 570: } else {
571: sudoers_io.log_stderr = NULL;
572: }
573:
574: gettimeofday(&last_time, NULL);
575:
576: fprintf(io_logfile, "%ld:%s:%s:%s:%s\n", (long)last_time.tv_sec,
577: details.user ? details.user : "unknown", details.runas_pw->pw_name,
578: details.runas_gr ? details.runas_gr->gr_name : "",
579: details.tty ? details.tty : "unknown");
580: fputs(details.cwd ? details.cwd : "unknown", io_logfile);
581: fputc('\n', io_logfile);
582: fputs(details.command ? details.command : "unknown", io_logfile);
583: for (cur = &argv[1]; *cur != NULL; cur++) {
584: fputc(' ', io_logfile);
585: fputs(*cur, io_logfile);
586: }
587: fputc('\n', io_logfile);
588: fclose(io_logfile);
589:
1.1.1.2 misho 590: rval = true;
1.1 misho 591:
592: done:
593: efree(tofree);
594: if (details.runas_pw)
1.1.1.3 ! misho 595: sudo_pw_delref(details.runas_pw);
1.1 misho 596: sudo_endpwent();
597: if (details.runas_gr)
1.1.1.3 ! misho 598: sudo_gr_delref(details.runas_gr);
1.1 misho 599: sudo_endgrent();
600:
1.1.1.2 misho 601: debug_return_bool(rval);
1.1 misho 602: }
603:
604: static void
605: sudoers_io_close(int exit_status, int error)
606: {
607: int i;
1.1.1.2 misho 608: debug_decl(sudoers_io_close, SUDO_DEBUG_PLUGIN)
1.1 misho 609:
610: if (sigsetjmp(error_jmp, 1)) {
1.1.1.2 misho 611: /* called via error(), errorx() or log_fatal() */
612: debug_return;
1.1 misho 613: }
614:
615: for (i = 0; i < IOFD_MAX; i++) {
616: if (io_fds[i].v == NULL)
617: continue;
618: #ifdef HAVE_ZLIB_H
619: if (iolog_compress)
620: gzclose(io_fds[i].g);
621: else
622: #endif
623: fclose(io_fds[i].f);
624: }
1.1.1.2 misho 625: debug_return;
1.1 misho 626: }
627:
628: static int
629: sudoers_io_version(int verbose)
630: {
1.1.1.2 misho 631: debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN)
632:
1.1 misho 633: if (sigsetjmp(error_jmp, 1)) {
1.1.1.2 misho 634: /* called via error(), errorx() or log_fatal() */
635: debug_return_bool(-1);
1.1 misho 636: }
637:
638: sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n",
639: PACKAGE_VERSION);
640:
1.1.1.2 misho 641: debug_return_bool(true);
1.1 misho 642: }
643:
644: /*
645: * Generic I/O logging function. Called by the I/O logging entry points.
646: */
647: static int
648: sudoers_io_log(const char *buf, unsigned int len, int idx)
649: {
650: struct timeval now, delay;
1.1.1.2 misho 651: debug_decl(sudoers_io_version, SUDO_DEBUG_PLUGIN)
1.1 misho 652:
653: gettimeofday(&now, NULL);
654:
655: if (sigsetjmp(error_jmp, 1)) {
1.1.1.2 misho 656: /* called via error(), errorx() or log_fatal() */
657: debug_return_bool(-1);
1.1 misho 658: }
659:
660: #ifdef HAVE_ZLIB_H
661: if (iolog_compress)
1.1.1.2 misho 662: ignore_result(gzwrite(io_fds[idx].g, (const voidp)buf, len));
1.1 misho 663: else
664: #endif
1.1.1.2 misho 665: ignore_result(fwrite(buf, 1, len, io_fds[idx].f));
1.1 misho 666: delay.tv_sec = now.tv_sec;
667: delay.tv_usec = now.tv_usec;
668: timevalsub(&delay, &last_time);
669: #ifdef HAVE_ZLIB_H
670: if (iolog_compress)
671: gzprintf(io_fds[IOFD_TIMING].g, "%d %f %d\n", idx,
672: delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
673: else
674: #endif
675: fprintf(io_fds[IOFD_TIMING].f, "%d %f %d\n", idx,
676: delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
677: last_time.tv_sec = now.tv_sec;
678: last_time.tv_usec = now.tv_usec;
679:
1.1.1.2 misho 680: debug_return_bool(true);
1.1 misho 681: }
682:
683: static int
684: sudoers_io_log_ttyin(const char *buf, unsigned int len)
685: {
686: return sudoers_io_log(buf, len, IOFD_TTYIN);
687: }
688:
689: static int
690: sudoers_io_log_ttyout(const char *buf, unsigned int len)
691: {
692: return sudoers_io_log(buf, len, IOFD_TTYOUT);
693: }
694:
695: static int
696: sudoers_io_log_stdin(const char *buf, unsigned int len)
697: {
698: return sudoers_io_log(buf, len, IOFD_STDIN);
699: }
700:
701: static int
702: sudoers_io_log_stdout(const char *buf, unsigned int len)
703: {
704: return sudoers_io_log(buf, len, IOFD_STDOUT);
705: }
706:
707: static int
708: sudoers_io_log_stderr(const char *buf, unsigned int len)
709: {
710: return sudoers_io_log(buf, len, IOFD_STDERR);
711: }
712:
1.1.1.3 ! misho 713: __dso_public struct io_plugin sudoers_io = {
1.1 misho 714: SUDO_IO_PLUGIN,
715: SUDO_API_VERSION,
716: sudoers_io_open,
717: sudoers_io_close,
718: sudoers_io_version,
719: sudoers_io_log_ttyin,
720: sudoers_io_log_ttyout,
721: sudoers_io_log_stdin,
722: sudoers_io_log_stdout,
723: sudoers_io_log_stderr
724: };
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to iolog.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers