2 * Copyright (c) 1994-1996,1998-2004 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 * Sponsored in part by the Defense Advanced Research Projects
17 * Agency (DARPA) and Air Force Research Laboratory, Air Force
18 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
27 #include <sys/types.h>
28 #include <sys/param.h>
39 #endif /* STDC_HEADERS */
43 # ifdef HAVE_STRINGS_H
46 #endif /* HAVE_STRING_H */
49 #endif /* HAVE_UNISTD_H */
53 # include "emul/err.h"
54 #endif /* HAVE_ERR_H */
63 static const char rcsid[] = "$Sudo: logging.c,v 1.168 2004/05/17 20:08:46 millert Exp $";
66 static void do_syslog __P((int, char *));
67 static void do_logfile __P((char *));
68 static void send_mail __P((char *));
69 static void mail_auth __P((int, char *));
70 static char *get_timestr __P((void));
71 static void mysyslog __P((int, const char *, ...));
73 #define MAXSYSLOGTRIES 16 /* num of retries for broken syslogs */
76 * We do an openlog(3)/closelog(3) for each message because some
77 * authentication methods (notably PAM) use syslog(3) for their
78 * own nefarious purposes and may call openlog(3) and closelog(3).
79 * Note that because we don't want to assume that all systems have
80 * vsyslog(3) (HP-UX doesn't) "%m" will not be expanded.
81 * Sadly this is a maze of #ifdefs.
85 mysyslog(int pri, const char *fmt, ...)
87 mysyslog(pri, fmt, va_alist)
96 char buf[MAXSYSLOGLEN+1];
104 #ifdef LOG_NFACILITIES
105 openlog("sudo", 0, def_syslog);
109 vsnprintf(buf, sizeof(buf), fmt, ap);
112 * Some versions of syslog(3) don't guarantee success and return
113 * an int (notably HP-UX < 10.0). So, if at first we don't succeed,
116 for (i = 0; i < MAXSYSLOGTRIES; i++)
117 if (syslog(pri, "%s", buf) == 0)
120 syslog(pri, "%s", buf);
121 #endif /* BROKEN_SYSLOG */
127 * Log a message to syslog, pre-pending the username and splitting the
128 * message into parts if it is longer than MAXSYSLOGLEN.
141 * Log the full line, breaking into multiple syslog(3) calls if necessary
143 for (p = msg, count = 0; *p && count < strlen(msg) / MAXSYSLOGLEN + 1;
145 if (strlen(p) > MAXSYSLOGLEN) {
147 * Break up the line into what will fit on one syslog(3) line
148 * Try to break on a word boundary if possible.
150 for (tmp = p + MAXSYSLOGLEN; tmp > p && *tmp != ' '; tmp--)
153 tmp = p + MAXSYSLOGLEN;
155 /* NULL terminate line, but save the char to restore later */
160 mysyslog(pri, "%8s : %s", user_name, p);
162 mysyslog(pri, "%8s : (command continued) %s", user_name, p);
164 *tmp = save; /* restore saved character */
166 /* Eliminate leading whitespace */
167 for (p = tmp; *p != ' ' && *p !='\0'; p++)
171 mysyslog(pri, "%8s : %s", user_name, p);
173 mysyslog(pri, "%8s : (command continued) %s", user_name, p);
183 char *beg, *oldend, *end;
188 oldmask = umask(077);
189 maxlen = def_loglinelen > 0 ? def_loglinelen : 0;
190 fp = fopen(def_logfile, "a");
191 (void) umask(oldmask);
193 easprintf(&full_line, "Can't open log file: %s: %s",
194 def_logfile, strerror(errno));
195 send_mail(full_line);
197 } else if (!lock_file(fileno(fp), SUDO_LOCK)) {
198 easprintf(&full_line, "Can't lock log file: %s: %s",
199 def_logfile, strerror(errno));
200 send_mail(full_line);
203 if (def_loglinelen == 0) {
204 /* Don't pretty-print long log file lines (hard to grep) */
206 (void) fprintf(fp, "%s : %s : HOST=%s : %s\n", get_timestr(),
207 user_name, user_shost, msg);
209 (void) fprintf(fp, "%s : %s : %s\n", get_timestr(),
213 easprintf(&full_line, "%s : %s : HOST=%s : %s", get_timestr(),
214 user_name, user_shost, msg);
216 easprintf(&full_line, "%s : %s : %s", get_timestr(),
220 * Print out full_line with word wrap
222 beg = end = full_line;
225 end = strchr(oldend, ' ');
227 if (maxlen > 0 && end) {
229 if (strlen(beg) > maxlen) {
230 /* too far, need to back up & print the line */
232 if (beg == (char *)full_line)
233 maxlen -= 4; /* don't indent first line */
242 (void) fprintf(fp, "%s\n ", beg);
245 (void) fprintf(fp, "%s\n ", beg);
248 /* reset beg to point to the start of the new substr */
253 /* we still have room */
257 /* remove leading whitespace */
262 (void) fprintf(fp, "%s\n", beg);
263 beg = NULL; /* exit condition */
269 (void) lock_file(fileno(fp), SUDO_UNLOCK);
275 * Two main functions, log_error() to log errors and log_auth() to
276 * log allow/deny messages.
279 log_auth(status, inform_user)
287 if (ISSET(status, VALIDATE_OK))
288 pri = def_syslog_goodpri;
290 pri = def_syslog_badpri;
292 /* Set error message, if any. */
293 if (ISSET(status, VALIDATE_OK))
295 else if (ISSET(status, FLAG_NO_USER))
296 message = "user NOT in sudoers ; ";
297 else if (ISSET(status, FLAG_NO_HOST))
298 message = "user NOT authorized on host ; ";
299 else if (ISSET(status, VALIDATE_NOT_OK))
300 message = "command not allowed ; ";
302 message = "unknown error ; ";
304 easprintf(&logline, "%sTTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s%s%s",
305 message, user_tty, user_cwd, *user_runas, user_cmnd,
306 user_args ? " " : "", user_args ? user_args : "");
308 mail_auth(status, logline); /* send mail based on status */
310 /* Inform the user if they failed to authenticate. */
311 if (inform_user && ISSET(status, VALIDATE_NOT_OK)) {
312 if (ISSET(status, FLAG_NO_USER))
313 (void) fprintf(stderr, "%s is not in the sudoers file. %s",
314 user_name, "This incident will be reported.\n");
315 else if (ISSET(status, FLAG_NO_HOST))
316 (void) fprintf(stderr, "%s is not allowed to run sudo on %s. %s",
317 user_name, user_shost, "This incident will be reported.\n");
318 else if (ISSET(status, FLAG_NO_CHECK))
319 (void) fprintf(stderr, "Sorry, user %s may not run sudo on %s.\n",
320 user_name, user_shost);
322 (void) fprintf(stderr,
323 "Sorry, user %s is not allowed to execute '%s%s%s' as %s on %s.\n",
324 user_name, user_cmnd, user_args ? " " : "",
325 user_args ? user_args : "", *user_runas, user_host);
329 * Log via syslog and/or a file.
332 do_syslog(pri, logline);
341 log_error(int flags, const char *fmt, ...)
358 flags = va_arg(ap, int);
359 fmt = va_arg(ap, const char *);
362 /* Become root if we are not already to avoid user control */
364 set_perms(PERM_ROOT);
366 /* Expand printf-style format + args. */
367 evasprintf(&message, fmt, ap);
370 if (flags & MSG_ONLY)
372 else if (flags & USE_ERRNO) {
375 "%s: %s ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s %s",
376 message, strerror(serrno), user_tty, user_cwd, *user_runas,
377 user_cmnd, user_args);
380 "%s: %s ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s", message,
381 strerror(serrno), user_tty, user_cwd, *user_runas, user_cmnd);
386 "%s ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s %s", message,
387 user_tty, user_cwd, *user_runas, user_cmnd, user_args);
390 "%s ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s", message,
391 user_tty, user_cwd, *user_runas, user_cmnd);
398 if (flags & USE_ERRNO)
401 warnx("%s", message);
404 * Send a copy of the error via mail.
406 if (!(flags & NO_MAIL))
410 * Log to syslog and/or a file.
413 do_syslog(def_syslog_badpri, logline);
418 if (logline != message)
421 if (!(flags & NO_EXIT))
425 #define MAX_MAILFLAGS 63
428 * Send a message to MAILTO user
439 #ifndef NO_ROOT_MAILER
440 static char *root_envp[] = {
442 "PATH=/usr/bin:/bin",
449 /* Just return if mailer is disabled. */
450 if (!def_mailerpath || !def_mailto)
453 (void) sigemptyset(&set);
454 (void) sigaddset(&set, SIGCHLD);
455 (void) sigprocmask(SIG_BLOCK, &set, &oset);
458 err(1, "cannot open pipe");
460 switch (pid = fork()) {
463 err(1, "cannot fork");
467 char *argv[MAX_MAILFLAGS + 1];
468 char *mpath, *mflags;
471 /* Child, set stdin to output side of the pipe */
472 if (pfd[0] != STDIN_FILENO) {
473 (void) dup2(pfd[0], STDIN_FILENO);
474 (void) close(pfd[0]);
476 (void) close(pfd[1]);
478 /* Build up an argv based the mailer path and flags */
479 mflags = estrdup(def_mailerflags);
480 mpath = estrdup(def_mailerpath);
481 if ((argv[0] = strrchr(mpath, ' ')))
487 if ((p = strtok(mflags, " \t"))) {
490 } while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t")));
494 /* Close password file so we don't leak the fd. */
498 * Depending on the config, either run the mailer as root
499 * (so user cannot kill it) or as the user (for the paranoid).
501 #ifndef NO_ROOT_MAILER
502 set_perms(PERM_FULL_ROOT);
503 execve(mpath, argv, root_envp);
505 set_perms(PERM_FULL_USER);
507 #endif /* NO_ROOT_MAILER */
513 (void) close(pfd[0]);
514 mail = fdopen(pfd[1], "w");
516 /* Pipes are all setup, send message via sendmail. */
517 (void) fprintf(mail, "To: %s\nFrom: %s\nSubject: ",
518 def_mailto, user_name);
519 for (p = def_mailsub; *p; p++) {
520 /* Expand escapes in the subject */
521 if (*p == '%' && *(p+1) != '%') {
524 (void) fputs(user_host, mail);
527 (void) fputs(user_name, mail);
534 (void) fputc(*p, mail);
536 (void) fprintf(mail, "\n\n%s : %s : %s : %s\n\n", user_host,
537 get_timestr(), user_name, line);
540 /* If mailer is done, wait for it now. If not, we'll get it later. */
542 (void) sigprocmask(SIG_SETMASK, &oset, NULL);
546 * Send mail based on the value of "status" and compile-time options.
549 mail_auth(status, line)
555 /* If any of these bits are set in status, we send mail. */
558 VALIDATE_ERROR|VALIDATE_OK|FLAG_NO_USER|FLAG_NO_HOST|VALIDATE_NOT_OK;
560 mail_mask = VALIDATE_ERROR;
561 if (def_mail_no_user)
562 SET(mail_mask, FLAG_NO_USER);
563 if (def_mail_no_host)
564 SET(mail_mask, FLAG_NO_HOST);
565 if (def_mail_no_perms)
566 SET(mail_mask, VALIDATE_NOT_OK);
569 if ((status & mail_mask) != 0)
574 * SIGCHLD sig handler--wait for children as they die.
580 int status, serrno = errno;
585 pid = sudo_waitpid(-1, &status, WNOHANG);
586 } while (pid != 0 && (pid != -1 || errno == EINTR));
588 (void) wait(&status);
594 * Return an ascii string with the current date + time
595 * Uses strftime() if available, else falls back to ctime().
601 time_t now = time((time_t) 0);
603 static char buf[128];
606 timeptr = localtime(&now);
612 /* strftime() does not guarantee to NUL-terminate so we must check. */
613 buf[sizeof(buf) - 1] = '\0';
614 if (strftime(buf, sizeof(buf), s, timeptr) && buf[sizeof(buf) - 1] == '\0')
617 #endif /* HAVE_STRFTIME */
619 s = ctime(&now) + 4; /* skip day of the week */
621 s[20] = '\0'; /* avoid the newline */
623 s[15] = '\0'; /* don't care about year */