version 1.1.1.4, 2013/07/22 10:46:12
|
version 1.1.1.6, 2014/06/15 16:12:54
|
Line 59
|
Line 59
|
|
|
#include "sudoers.h" |
#include "sudoers.h" |
|
|
#ifndef va_copy |
|
# define va_copy(d, s) memcpy(&(d), &(s), sizeof(d)); |
|
#endif |
|
|
|
/* Special message for log_warning() so we know to use ngettext() */ |
/* Special message for log_warning() so we know to use ngettext() */ |
#define INCORRECT_PASSWORD_ATTEMPT ((char *)0x01) |
#define INCORRECT_PASSWORD_ATTEMPT ((char *)0x01) |
|
|
Line 180 do_logfile(char *msg)
|
Line 176 do_logfile(char *msg)
|
char *full_line; |
char *full_line; |
size_t len; |
size_t len; |
mode_t oldmask; |
mode_t oldmask; |
time_t now; |
|
int oldlocale; |
int oldlocale; |
FILE *fp; |
FILE *fp; |
debug_decl(do_logfile, SUDO_DEBUG_LOGGING) |
debug_decl(do_logfile, SUDO_DEBUG_LOGGING) |
Line 197 do_logfile(char *msg)
|
Line 192 do_logfile(char *msg)
|
send_mail(_("unable to lock log file: %s: %s"), |
send_mail(_("unable to lock log file: %s: %s"), |
def_logfile, strerror(errno)); |
def_logfile, strerror(errno)); |
} else { |
} else { |
time(&now); | const char *timestr = get_timestr(time(NULL), def_log_year); |
if (def_loglinelen < sizeof(LOG_INDENT)) { | if (timestr == NULL) |
| timestr = "invalid date"; |
| if ((size_t)def_loglinelen < sizeof(LOG_INDENT)) { |
/* Don't pretty-print long log file lines (hard to grep) */ |
/* Don't pretty-print long log file lines (hard to grep) */ |
if (def_log_host) | if (def_log_host) { |
(void) fprintf(fp, "%s : %s : HOST=%s : %s\n", |
(void) fprintf(fp, "%s : %s : HOST=%s : %s\n", |
get_timestr(now, def_log_year), user_name, user_shost, msg); | timestr, user_name, user_srunhost, msg); |
else | } else { |
(void) fprintf(fp, "%s : %s : %s\n", | (void) fprintf(fp, "%s : %s : %s\n", timestr, user_name, msg); |
get_timestr(now, def_log_year), user_name, msg); | } |
} else { |
} else { |
if (def_log_host) | if (def_log_host) { |
len = easprintf(&full_line, "%s : %s : HOST=%s : %s", |
len = easprintf(&full_line, "%s : %s : HOST=%s : %s", |
get_timestr(now, def_log_year), user_name, user_shost, msg); | timestr, user_name, user_srunhost, msg); |
else | } else { |
len = easprintf(&full_line, "%s : %s : %s", |
len = easprintf(&full_line, "%s : %s : %s", |
get_timestr(now, def_log_year), user_name, msg); | timestr, user_name, msg); |
| } |
|
|
/* |
/* |
* Print out full_line with word wrap around def_loglinelen chars. |
* Print out full_line with word wrap around def_loglinelen chars. |
Line 290 log_denial(int status, bool inform_user)
|
Line 288 log_denial(int status, bool inform_user)
|
} else if (ISSET(status, FLAG_NO_HOST)) { |
} else if (ISSET(status, FLAG_NO_HOST)) { |
sudo_printf(SUDO_CONV_ERROR_MSG, _("%s is not allowed to run sudo " |
sudo_printf(SUDO_CONV_ERROR_MSG, _("%s is not allowed to run sudo " |
"on %s. This incident will be reported.\n"), |
"on %s. This incident will be reported.\n"), |
user_name, user_shost); | user_name, user_srunhost); |
} else if (ISSET(status, FLAG_NO_CHECK)) { |
} else if (ISSET(status, FLAG_NO_CHECK)) { |
sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s may not run " |
sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s may not run " |
"sudo on %s.\n"), user_name, user_shost); | "sudo on %s.\n"), user_name, user_srunhost); |
} else { |
} else { |
sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s is not allowed " |
sudo_printf(SUDO_CONV_ERROR_MSG, _("Sorry, user %s is not allowed " |
"to execute '%s%s%s' as %s%s%s on %s.\n"), |
"to execute '%s%s%s' as %s%s%s on %s.\n"), |
Line 332 log_failure(int status, int flags)
|
Line 330 log_failure(int status, int flags)
|
* their path to just contain a single dir. |
* their path to just contain a single dir. |
*/ |
*/ |
if (flags == NOT_FOUND) |
if (flags == NOT_FOUND) |
warningx(_("%s: command not found"), user_cmnd); | warningx(U_("%s: command not found"), user_cmnd); |
else if (flags == NOT_FOUND_DOT) |
else if (flags == NOT_FOUND_DOT) |
warningx(_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); | warningx(U_("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run."), user_cmnd, user_cmnd, user_cmnd); |
} |
} |
|
|
debug_return; |
debug_return; |
Line 344 log_failure(int status, int flags)
|
Line 342 log_failure(int status, int flags)
|
* Log and audit that user was not able to authenticate themselves. |
* Log and audit that user was not able to authenticate themselves. |
*/ |
*/ |
void |
void |
log_auth_failure(int status, int tries) | log_auth_failure(int status, unsigned int tries) |
{ |
{ |
int flags = NO_MAIL; |
int flags = NO_MAIL; |
debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING) |
debug_decl(log_auth_failure, SUDO_DEBUG_LOGGING) |
Line 439 vlog_warning(int flags, const char *fmt, va_list ap)
|
Line 437 vlog_warning(int flags, const char *fmt, va_list ap)
|
|
|
/* Expand printf-style format + args (with a special case). */ |
/* Expand printf-style format + args (with a special case). */ |
if (fmt == INCORRECT_PASSWORD_ATTEMPT) { |
if (fmt == INCORRECT_PASSWORD_ATTEMPT) { |
int tries = va_arg(ap, int); | unsigned int tries = va_arg(ap, unsigned int); |
easprintf(&message, ngettext("%d incorrect password attempt", | easprintf(&message, ngettext("%u incorrect password attempt", |
"%d incorrect password attempts", tries), tries); | "%u incorrect password attempts", tries), tries); |
} else { |
} else { |
evasprintf(&message, _(fmt), ap); |
evasprintf(&message, _(fmt), ap); |
} |
} |
|
|
|
/* Log to debug file. */ |
|
if (USE_ERRNO) { |
|
sudo_debug_printf2(NULL, NULL, 0, |
|
SUDO_DEBUG_WARN|SUDO_DEBUG_ERRNO|sudo_debug_subsys, "%s", message); |
|
} else { |
|
sudo_debug_printf2(NULL, NULL, 0, |
|
SUDO_DEBUG_WARN|sudo_debug_subsys, "%s", message); |
|
} |
|
|
if (ISSET(flags, MSG_ONLY)) { |
if (ISSET(flags, MSG_ONLY)) { |
logline = message; |
logline = message; |
} else { |
} else { |
Line 482 vlog_warning(int flags, const char *fmt, va_list ap)
|
Line 489 vlog_warning(int flags, const char *fmt, va_list ap)
|
* Tell the user (in their locale). |
* Tell the user (in their locale). |
*/ |
*/ |
if (!ISSET(flags, NO_STDERR)) { |
if (!ISSET(flags, NO_STDERR)) { |
|
sudoers_setlocale(SUDOERS_LOCALE_USER, &oldlocale); |
if (fmt == INCORRECT_PASSWORD_ATTEMPT) { |
if (fmt == INCORRECT_PASSWORD_ATTEMPT) { |
int tries = va_arg(ap2, int); | unsigned int tries = va_arg(ap2, unsigned int); |
warningx(ngettext("%d incorrect password attempt", | warningx_nodebug(ngettext("%u incorrect password attempt", |
"%d incorrect password attempts", tries), tries); | "%u incorrect password attempts", tries), tries); |
} else { |
} else { |
if (ISSET(flags, USE_ERRNO)) |
if (ISSET(flags, USE_ERRNO)) |
vwarning(fmt, ap2); | vwarning_nodebug(_(fmt), ap2); |
else |
else |
vwarningx(fmt, ap2); | vwarningx_nodebug(_(fmt), ap2); |
} |
} |
|
sudoers_setlocale(oldlocale, NULL); |
va_end(ap2); |
va_end(ap2); |
} |
} |
|
|
Line 539 send_mail(const char *fmt, ...)
|
Line 548 send_mail(const char *fmt, ...)
|
{ |
{ |
FILE *mail; |
FILE *mail; |
char *p; |
char *p; |
|
const char *timestr; |
int fd, pfd[2], status; |
int fd, pfd[2], status; |
pid_t pid, rv; |
pid_t pid, rv; |
sigaction_t sa; |
sigaction_t sa; |
|
struct stat sb; |
va_list ap; |
va_list ap; |
#ifndef NO_ROOT_MAILER |
#ifndef NO_ROOT_MAILER |
static char *root_envp[] = { |
static char *root_envp[] = { |
Line 559 send_mail(const char *fmt, ...)
|
Line 570 send_mail(const char *fmt, ...)
|
if (!def_mailerpath || !def_mailto) |
if (!def_mailerpath || !def_mailto) |
debug_return; |
debug_return; |
|
|
|
/* Make sure the mailer exists and is a regular file. */ |
|
if (stat(def_mailerpath, &sb) != 0 || !S_ISREG(sb.st_mode)) |
|
debug_return; |
|
|
/* Fork and return, child will daemonize. */ |
/* Fork and return, child will daemonize. */ |
switch (pid = sudo_debug_fork()) { |
switch (pid = sudo_debug_fork()) { |
case -1: |
case -1: |
/* Error. */ |
/* Error. */ |
fatal(_("unable to fork")); | fatal(U_("unable to fork")); |
break; |
break; |
case 0: |
case 0: |
/* Child. */ |
/* Child. */ |
Line 609 send_mail(const char *fmt, ...)
|
Line 624 send_mail(const char *fmt, ...)
|
closefrom(STDERR_FILENO + 1); |
closefrom(STDERR_FILENO + 1); |
|
|
/* Ignore SIGPIPE in case mailer exits prematurely (or is missing). */ |
/* Ignore SIGPIPE in case mailer exits prematurely (or is missing). */ |
zero_bytes(&sa, sizeof(sa)); | memset(&sa, 0, sizeof(sa)); |
sigemptyset(&sa.sa_mask); |
sigemptyset(&sa.sa_mask); |
sa.sa_flags = SA_INTERRUPT; |
sa.sa_flags = SA_INTERRUPT; |
sa.sa_handler = SIG_IGN; |
sa.sa_handler = SIG_IGN; |
Line 635 send_mail(const char *fmt, ...)
|
Line 650 send_mail(const char *fmt, ...)
|
case 0: |
case 0: |
{ |
{ |
char *argv[MAX_MAILFLAGS + 1]; |
char *argv[MAX_MAILFLAGS + 1]; |
char *mpath, *mflags; | char *mflags, *mpath = def_mailerpath; |
int i; |
int i; |
|
|
/* Child, set stdin to output side of the pipe */ |
/* Child, set stdin to output side of the pipe */ |
Line 652 send_mail(const char *fmt, ...)
|
Line 667 send_mail(const char *fmt, ...)
|
|
|
/* Build up an argv based on the mailer path and flags */ |
/* Build up an argv based on the mailer path and flags */ |
mflags = estrdup(def_mailerflags); |
mflags = estrdup(def_mailerflags); |
mpath = estrdup(def_mailerpath); | if ((argv[0] = strrchr(mpath, '/'))) |
if ((argv[0] = strrchr(mpath, ' '))) | |
argv[0]++; |
argv[0]++; |
else |
else |
argv[0] = mpath; |
argv[0] = mpath; |
Line 714 send_mail(const char *fmt, ...)
|
Line 728 send_mail(const char *fmt, ...)
|
(void) fprintf(mail, "\nContent-Type: text/plain; charset=\"%s\"\nContent-Transfer-Encoding: 8bit", nl_langinfo(CODESET)); |
(void) fprintf(mail, "\nContent-Type: text/plain; charset=\"%s\"\nContent-Transfer-Encoding: 8bit", nl_langinfo(CODESET)); |
#endif /* HAVE_NL_LANGINFO */ |
#endif /* HAVE_NL_LANGINFO */ |
|
|
(void) fprintf(mail, "\n\n%s : %s : %s : ", user_host, | if ((timestr = get_timestr(time(NULL), def_log_year)) == NULL) |
get_timestr(time(NULL), def_log_year), user_name); | timestr = "invalid date"; |
| (void) fprintf(mail, "\n\n%s : %s : %s : ", user_host, timestr, user_name); |
va_start(ap, fmt); |
va_start(ap, fmt); |
(void) vfprintf(mail, fmt, ap); |
(void) vfprintf(mail, fmt, ap); |
va_end(ap); |
va_end(ap); |
Line 896 new_logline(const char *message, int serrno)
|
Line 911 new_logline(const char *message, int serrno)
|
|
|
debug_return_str(line); |
debug_return_str(line); |
toobig: |
toobig: |
fatalx(_("internal error: insufficient space for log line")); | fatalx(U_("internal error: insufficient space for log line")); |
} |
} |
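Review bot: In the new "Log to debug file" block of vlog_warning, the condition `if (USE_ERRNO) {` tests the flag constant itself instead of the caller's `flags`. USE_ERRNO appears to be a non-zero bit, since the stderr path later in the same function checks it with `ISSET(flags, USE_ERRNO)`, so the SUDO_DEBUG_ERRNO branch would always be taken and the `else` branch would be dead. Debug-log entries for messages that did not ask for errno would then presumably carry whatever stale value errno holds, which is misleading when the log is read during troubleshooting or incident analysis. The check should match the one used further down: `if (ISSET(flags, USE_ERRNO)) {`. The body of vlog_warning starts and ends outside the visible hunks, so confirm that `flags` is not modified before this point.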