2 * Copyright (c) 2011 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
20 #include <sys/param.h>
31 #endif /* STDC_HEADERS */
35 # include "compat/stdbool.h"
39 #endif /* HAVE_STRING_H */
42 #endif /* HAVE_STRINGS_H */
45 #endif /* HAVE_UNISTD_H */
55 #include "sudo_plugin.h"
56 #include "sudo_debug.h"
59 * The debug priorities and subsystems are currently hard-coded.
60 * In the future we might consider allowing plugins to register their
61 * own subsystems and provide direct access to the debugging API.
64 /* Note: this must match the order in sudo_debug.h */
65 const char *const sudo_debug_priorities[] = {
77 /* Note: this must match the order in sudo_debug.h */
78 const char *const sudo_debug_subsystems[] = {
107 #define NUM_SUBSYSTEMS (sizeof(sudo_debug_subsystems) / sizeof(sudo_debug_subsystems[0]) - 1)
109 /* Values for sudo_debug_mode */
110 #define SUDO_DEBUG_MODE_DISABLED 0
111 #define SUDO_DEBUG_MODE_FILE 1
112 #define SUDO_DEBUG_MODE_CONV 2
114 static int sudo_debug_settings[NUM_SUBSYSTEMS];
115 static int sudo_debug_fd = -1;
116 static int sudo_debug_mode;
117 static char sudo_debug_pidstr[(((sizeof(int) * 8) + 2) / 3) + 3];
118 static size_t sudo_debug_pidlen;
120 extern sudo_conv_t sudo_conv;
123 * Parse settings string from sudo.conf and open debugfile.
124 * Returns 1 on success, 0 if cannot open debugfile.
125 * Unsupported subsystems and priorities are silently ignored.
127 int sudo_debug_init(const char *debugfile, const char *settings)
129 char *buf, *cp, *subsys, *pri;
132 /* Init per-subsystems settings to -1 since 0 is a valid priority. */
133 for (i = 0; i < NUM_SUBSYSTEMS; i++)
134 sudo_debug_settings[i] = -1;
136 /* Open debug file if specified. */
137 if (debugfile != NULL) {
138 if (sudo_debug_fd != -1)
139 close(sudo_debug_fd);
140 sudo_debug_fd = open(debugfile, O_WRONLY|O_APPEND|O_CREAT,
142 if (sudo_debug_fd == -1)
144 (void)fcntl(sudo_debug_fd, F_SETFD, FD_CLOEXEC);
145 sudo_debug_mode = SUDO_DEBUG_MODE_FILE;
147 /* Called from the plugin, no debug file. */
148 sudo_debug_mode = SUDO_DEBUG_MODE_CONV;
151 /* Parse settings string. */
152 buf = estrdup(settings);
153 for ((cp = strtok(buf, ",")); cp != NULL; (cp = strtok(NULL, ","))) {
154 /* Should be in the form subsys@pri. */
156 if ((pri = strchr(cp, '@')) == NULL)
160 /* Look up priority and subsystem, fill in sudo_debug_settings[]. */
161 for (i = 0; sudo_debug_priorities[i] != NULL; i++) {
162 if (strcasecmp(pri, sudo_debug_priorities[i]) == 0) {
163 for (j = 0; sudo_debug_subsystems[j] != NULL; j++) {
164 if (strcasecmp(subsys, "all") == 0) {
165 sudo_debug_settings[j] = i;
168 if (strcasecmp(subsys, sudo_debug_subsystems[j]) == 0) {
169 sudo_debug_settings[j] = i;
179 (void)snprintf(sudo_debug_pidstr, sizeof(sudo_debug_pidstr), "[%d] ",
181 sudo_debug_pidlen = strlen(sudo_debug_pidstr);
187 sudo_debug_fork(void)
191 if ((pid = fork()) == 0) {
192 (void)snprintf(sudo_debug_pidstr, sizeof(sudo_debug_pidstr), "[%d] ",
194 sudo_debug_pidlen = strlen(sudo_debug_pidstr);
201 sudo_debug_enter(const char *func, const char *file, int line,
204 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
205 "-> %s @ %s:%d", func, file, line);
208 void sudo_debug_exit(const char *func, const char *file, int line,
211 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
212 "<- %s @ %s:%d", func, file, line);
215 void sudo_debug_exit_int(const char *func, const char *file, int line,
216 int subsys, int rval)
218 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
219 "<- %s @ %s:%d := %d", func, file, line, rval);
222 void sudo_debug_exit_long(const char *func, const char *file, int line,
223 int subsys, long rval)
225 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
226 "<- %s @ %s:%d := %ld", func, file, line, rval);
229 void sudo_debug_exit_size_t(const char *func, const char *file, int line,
230 int subsys, size_t rval)
232 /* XXX - should use %zu but our snprintf.c doesn't support it */
233 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
234 "<- %s @ %s:%d := %lu", func, file, line, (unsigned long)rval);
237 /* We use int, not bool, here for functions that return -1 on error. */
238 void sudo_debug_exit_bool(const char *func, const char *file, int line,
239 int subsys, int rval)
241 if (rval == true || rval == false) {
242 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
243 "<- %s @ %s:%d := %s", func, file, line, rval ? "true" : "false");
245 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
246 "<- %s @ %s:%d := %d", func, file, line, rval);
250 void sudo_debug_exit_str(const char *func, const char *file, int line,
251 int subsys, const char *rval)
253 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
254 "<- %s @ %s:%d := %s", func, file, line, rval ? rval : "(null)");
257 void sudo_debug_exit_str_masked(const char *func, const char *file, int line,
258 int subsys, const char *rval)
260 static const char stars[] = "********************************************************************************";
261 int len = rval ? strlen(rval) : sizeof("(null)") - 1;
263 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
264 "<- %s @ %s:%d := %.*s", func, file, line, len, rval ? stars : "(null)");
267 void sudo_debug_exit_ptr(const char *func, const char *file, int line,
268 int subsys, const void *rval)
270 sudo_debug_printf2(NULL, NULL, 0, subsys | SUDO_DEBUG_TRACE,
271 "<- %s @ %s:%d := %p", func, file, line, rval);
275 sudo_debug_write_conv(const char *func, const char *file, int lineno,
276 const char *str, int len, int errno_val)
278 struct sudo_conv_message msg;
279 struct sudo_conv_reply repl;
282 /* Call conversation function */
283 if (sudo_conv != NULL) {
284 /* Remove the newline at the end if appending extra info. */
285 if (str[len - 1] == '\n')
288 if (func != NULL && file != NULL && lineno != 0) {
290 easprintf(&buf, "%.*s: %s @ %s() %s:%d", len, str,
291 strerror(errno_val), func, file, lineno);
293 easprintf(&buf, "%.*s @ %s() %s:%d", len, str,
297 } else if (errno_val) {
298 easprintf(&buf, "%.*s: %s", len, str, strerror(errno_val));
301 memset(&msg, 0, sizeof(msg));
302 memset(&repl, 0, sizeof(repl));
303 msg.msg_type = SUDO_CONV_DEBUG_MSG;
305 sudo_conv(1, &msg, &repl);
312 sudo_debug_write_file(const char *func, const char *file, int lineno,
313 const char *str, int len, int errno_val)
315 char *timestr, numbuf[(((sizeof(int) * 8) + 2) / 3) + 2];
317 struct iovec iov[12];
319 bool need_newline = false;
321 /* Prepend program name and pid with a trailing space. */
322 iov[1].iov_base = (char *)getprogname();
323 iov[1].iov_len = strlen(iov[1].iov_base);
324 iov[2].iov_base = sudo_debug_pidstr;
325 iov[2].iov_len = sudo_debug_pidlen;
327 /* Add string along with newline if it doesn't have one. */
328 iov[3].iov_base = (char *)str;
329 iov[3].iov_len = len;
330 if (str[len - 1] != '\n')
333 /* Append error string if errno is specified. */
335 iov[iovcnt].iov_base = ": ";
336 iov[iovcnt].iov_len = 2;
338 iov[iovcnt].iov_base = strerror(errno_val);
339 iov[iovcnt].iov_len = strlen(iov[iovcnt].iov_base);
342 /* Move newline to the end. */
349 /* If function, file and lineno are specified, append them. */
350 if (func != NULL && file != NULL && lineno != 0) {
351 iov[iovcnt].iov_base = " @ ";
352 iov[iovcnt].iov_len = 3;
355 iov[iovcnt].iov_base = (char *)func;
356 iov[iovcnt].iov_len = strlen(func);
359 iov[iovcnt].iov_base = "() ";
360 iov[iovcnt].iov_len = 3;
363 iov[iovcnt].iov_base = (char *)file;
364 iov[iovcnt].iov_len = strlen(file);
367 (void)snprintf(numbuf, sizeof(numbuf), ":%d", lineno);
368 iov[iovcnt].iov_base = numbuf;
369 iov[iovcnt].iov_len = strlen(numbuf);
372 /* Move newline to the end. */
379 /* Append newline as needed. */
382 iov[iovcnt].iov_base = "\n";
383 iov[iovcnt].iov_len = 1;
387 /* Do timestamp last due to ctime's static buffer. */
389 timestr = ctime(&now) + 4;
390 timestr[15] = ' '; /* replace year with a space */
392 iov[0].iov_base = timestr;
395 /* Write message in a single syscall */
396 ignore_result(writev(sudo_debug_fd, iov, iovcnt));
400 sudo_debug_write2(const char *func, const char *file, int lineno,
401 const char *str, int len, int errno_val)
406 switch (sudo_debug_mode) {
407 case SUDO_DEBUG_MODE_CONV:
408 sudo_debug_write_conv(func, file, lineno, str, len, errno_val);
410 case SUDO_DEBUG_MODE_FILE:
411 sudo_debug_write_file(func, file, lineno, str, len, errno_val);
416 /* XXX - turn into a macro */
418 sudo_debug_write(const char *str, int len, int errno_val)
420 sudo_debug_write2(NULL, NULL, 0, str, len, errno_val);
424 sudo_debug_printf2(const char *func, const char *file, int lineno, int level,
425 const char *fmt, ...)
427 int buflen, pri, subsys, saved_errno = errno;
431 if (!sudo_debug_mode)
434 /* Extract pri and subsystem from level. */
435 pri = SUDO_DEBUG_PRI(level);
436 subsys = SUDO_DEBUG_SUBSYS(level);
438 /* Make sure we want debug info at this level. */
439 if (subsys < NUM_SUBSYSTEMS && sudo_debug_settings[subsys] >= pri) {
441 buflen = vasprintf(&buf, fmt, ap);
444 int errcode = ISSET(level, SUDO_DEBUG_ERRNO) ? saved_errno : 0;
445 if (ISSET(level, SUDO_DEBUG_LINENO))
446 sudo_debug_write2(func, file, lineno, buf, buflen, errcode);
448 sudo_debug_write2(NULL, NULL, 0, buf, buflen, errcode);
457 sudo_debug_execve2(int level, const char *path, char *const argv[], char *const envp[])
461 int buflen, pri, subsys, log_envp = 0;
464 if (!sudo_debug_mode)
467 /* Extract pri and subsystem from level. */
468 pri = SUDO_DEBUG_PRI(level);
469 subsys = SUDO_DEBUG_SUBSYS(level);
471 /* Make sure we want debug info at this level. */
472 if (subsys >= NUM_SUBSYSTEMS || sudo_debug_settings[subsys] < pri)
475 /* Log envp for debug level "debug". */
476 if (sudo_debug_settings[subsys] >= SUDO_DEBUG_DEBUG - 1 && envp[0] != NULL)
479 #define EXEC_PREFIX "exec "
481 /* Alloc and build up buffer. */
483 buflen = sizeof(EXEC_PREFIX) -1 + plen;
484 if (argv[0] != NULL) {
485 buflen += sizeof(" []") - 1;
486 for (av = argv; *av; av++)
487 buflen += strlen(*av) + 1;
491 buflen += sizeof(" []") - 1;
492 for (av = envp; *av; av++)
493 buflen += strlen(*av) + 1;
496 buf = malloc(buflen + 1);
500 /* Copy prefix and command. */
501 memcpy(buf, EXEC_PREFIX, sizeof(EXEC_PREFIX) - 1);
502 cp = buf + sizeof(EXEC_PREFIX) - 1;
503 memcpy(cp, path, plen);
507 if (argv[0] != NULL) {
510 for (av = argv; *av; av++) {
511 size_t avlen = strlen(*av);
512 memcpy(cp, *av, avlen);
522 for (av = envp; *av; av++) {
523 size_t avlen = strlen(*av);
524 memcpy(cp, *av, avlen);
533 sudo_debug_write(buf, buflen, 0);
538 * Dup sudo_debug_fd to the specified value so we don't
539 * close it when calling closefrom().
542 sudo_debug_fd_set(int fd)
544 if (sudo_debug_fd != -1 && fd != sudo_debug_fd) {
545 if (dup2(sudo_debug_fd, fd) == -1)
547 (void)fcntl(fd, F_SETFD, FD_CLOEXEC);
548 close(sudo_debug_fd);
551 return sudo_debug_fd;