2 * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com>
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/types.h>
20 #include <sys/param.h>
31 #endif /* STDC_HEADERS */
34 #endif /* HAVE_STRING_H */
37 #endif /* HAVE_STRINGS_H */
40 #endif /* HAVE_UNISTD_H */
41 #if TIME_WITH_SYS_TIME
57 extern sigjmp_buf error_jmp;
68 int len; /* buffer length (how much read in) */
69 int off; /* write position (how much already consumed) */
73 /* XXX - separate sudoers.h and iolog.h? */
77 struct iolog_details {
82 const char *iolog_path;
83 struct passwd *runas_pw;
84 struct group *runas_gr;
100 #define SESSID_MAX 2176782336U
102 static int iolog_compress;
103 static struct timeval last_time;
104 static union io_fd io_fds[IOFD_MAX];
105 extern struct io_plugin sudoers_io;
108 * Create parent directories for path as needed, but not path itself.
111 mkdir_parents(char *path)
117 if ((slash = strchr(slash + 1, '/')) == NULL)
120 if (stat(path, &sb) != 0) {
121 if (mkdir(path, S_IRWXU) != 0)
122 log_error(USE_ERRNO, "Can't mkdir %s", path);
123 } else if (!S_ISDIR(sb.st_mode)) {
124 log_error(0, "%s: %s", path, strerror(ENOTDIR));
131 * Read the on-disk sequence number, set sessid to the next
132 * number, and update the on-disk copy.
133 * Uses file locking to avoid sequence number collisions.
136 io_nextid(char *iolog_dir, char sessid[7])
141 unsigned long id = 0;
144 char pathbuf[PATH_MAX];
145 static const char b36char[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
148 * Create I/O log directory if it doesn't already exist.
150 mkdir_parents(iolog_dir);
151 if (stat(iolog_dir, &sb) != 0) {
152 if (mkdir(iolog_dir, S_IRWXU) != 0)
153 log_error(USE_ERRNO, "Can't mkdir %s", iolog_dir);
154 } else if (!S_ISDIR(sb.st_mode)) {
155 log_error(0, "%s exists but is not a directory (0%o)",
156 iolog_dir, (unsigned int) sb.st_mode);
162 len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", iolog_dir);
163 if (len <= 0 || len >= sizeof(pathbuf)) {
164 errno = ENAMETOOLONG;
165 log_error(USE_ERRNO, "%s/seq", pathbuf);
167 fd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
169 log_error(USE_ERRNO, "cannot open %s", pathbuf);
170 lock_file(fd, SUDO_LOCK);
172 /* Read seq number (base 36). */
173 nread = read(fd, buf, sizeof(buf));
176 log_error(USE_ERRNO, "cannot read %s", pathbuf);
177 id = strtoul(buf, &ep, 36);
178 if (buf == ep || id >= SESSID_MAX)
179 log_error(0, "invalid sequence number %s", pathbuf);
184 * Convert id to a string and stash in sessid.
185 * Note that that least significant digits go at the end of the string.
187 for (i = 5; i >= 0; i--) {
188 buf[i] = b36char[id % 36];
193 /* Stash id logging purposes */
194 memcpy(sessid, buf, 6);
197 /* Rewind and overwrite old seq file. */
198 if (lseek(fd, 0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7)
199 log_error(USE_ERRNO, "Can't write to %s", pathbuf);
204 * Copy iolog_path to pathbuf and create the directory and any intermediate
205 * directories. If iolog_path ends in 'XXXXXX', use mkdtemp().
208 mkdir_iopath(const char *iolog_path, char *pathbuf, size_t pathsize)
212 len = strlcpy(pathbuf, iolog_path, pathsize);
213 if (len >= pathsize) {
214 errno = ENAMETOOLONG;
215 log_error(USE_ERRNO, "%s", iolog_path);
219 * Create path and intermediate subdirs as needed.
220 * If path ends in at least 6 Xs (ala POSIX mktemp), use mkdtemp().
222 mkdir_parents(pathbuf);
223 if (len >= 6 && strcmp(&pathbuf[len - 6], "XXXXXX") == 0) {
224 if (mkdtemp(pathbuf) == NULL)
225 log_error(USE_ERRNO, "Can't create %s", pathbuf);
227 if (mkdir(pathbuf, S_IRWXU) != 0)
228 log_error(USE_ERRNO, "Can't create %s", pathbuf);
235 * Append suffix to pathbuf after len chars and open the resulting file.
236 * Note that the size of pathbuf is assumed to be PATH_MAX.
237 * Uses zlib if docompress is TRUE.
238 * Returns the open file handle which has the close-on-exec flag set.
241 open_io_fd(char *pathbuf, size_t len, const char *suffix, int docompress)
247 strlcat(pathbuf, suffix, PATH_MAX);
248 fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
250 fcntl(fd, F_SETFD, FD_CLOEXEC);
253 vfd = gzdopen(fd, "w");
256 vfd = fdopen(fd, "w");
262 * Pull out I/O log related data from user_info and command_info arrays.
265 iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
266 char * const command_info[])
268 const char *runas_uid_str = "0", *runas_euid_str = NULL;
269 const char *runas_gid_str = "0", *runas_egid_str = NULL;
270 char id[MAX_UID_T_LEN + 2], *ep;
276 memset(details, 0, sizeof(*details));
278 for (cur = user_info; *cur != NULL; cur++) {
281 if (strncmp(*cur, "cwd=", sizeof("cwd=") - 1) == 0) {
282 details->cwd = *cur + sizeof("cwd=") - 1;
287 if (strncmp(*cur, "tty=", sizeof("tty=") - 1) == 0) {
288 details->tty = *cur + sizeof("tty=") - 1;
293 if (strncmp(*cur, "user=", sizeof("user=") - 1) == 0) {
294 details->user = *cur + sizeof("user=") - 1;
301 for (cur = command_info; *cur != NULL; cur++) {
304 if (strncmp(*cur, "command=", sizeof("command=") - 1) == 0) {
305 details->command = *cur + sizeof("command=") - 1;
310 if (strncmp(*cur, "iolog_path=", sizeof("iolog_path=") - 1) == 0) {
311 details->iolog_path = *cur + sizeof("iolog_path=") - 1;
314 if (strncmp(*cur, "iolog_stdin=", sizeof("iolog_stdin=") - 1) == 0) {
315 if (atobool(*cur + sizeof("iolog_stdin=") - 1) == TRUE)
316 details->iolog_stdin = TRUE;
319 if (strncmp(*cur, "iolog_stdout=", sizeof("iolog_stdout=") - 1) == 0) {
320 if (atobool(*cur + sizeof("iolog_stdout=") - 1) == TRUE)
321 details->iolog_stdout = TRUE;
324 if (strncmp(*cur, "iolog_stderr=", sizeof("iolog_stderr=") - 1) == 0) {
325 if (atobool(*cur + sizeof("iolog_stderr=") - 1) == TRUE)
326 details->iolog_stderr = TRUE;
329 if (strncmp(*cur, "iolog_ttyin=", sizeof("iolog_ttyin=") - 1) == 0) {
330 if (atobool(*cur + sizeof("iolog_ttyin=") - 1) == TRUE)
331 details->iolog_ttyin = TRUE;
334 if (strncmp(*cur, "iolog_ttyout=", sizeof("iolog_ttyout=") - 1) == 0) {
335 if (atobool(*cur + sizeof("iolog_ttyout=") - 1) == TRUE)
336 details->iolog_ttyout = TRUE;
339 if (strncmp(*cur, "iolog_compress=", sizeof("iolog_compress=") - 1) == 0) {
340 if (atobool(*cur + sizeof("iolog_compress=") - 1) == TRUE)
341 iolog_compress = TRUE; /* must be global */
346 if (strncmp(*cur, "runas_gid=", sizeof("runas_gid=") - 1) == 0) {
347 runas_gid_str = *cur + sizeof("runas_gid=") - 1;
350 if (strncmp(*cur, "runas_egid=", sizeof("runas_egid=") - 1) == 0) {
351 runas_egid_str = *cur + sizeof("runas_egid=") - 1;
354 if (strncmp(*cur, "runas_uid=", sizeof("runas_uid=") - 1) == 0) {
355 runas_uid_str = *cur + sizeof("runas_uid=") - 1;
358 if (strncmp(*cur, "runas_euid=", sizeof("runas_euid=") - 1) == 0) {
359 runas_euid_str = *cur + sizeof("runas_euid=") - 1;
367 * Lookup runas user and group, preferring effective over real uid/gid.
369 if (runas_euid_str != NULL)
370 runas_uid_str = runas_euid_str;
371 if (runas_uid_str != NULL) {
373 ulval = strtoul(runas_uid_str, &ep, 0);
374 if (*runas_uid_str != '\0' && *ep == '\0' &&
375 (errno != ERANGE || ulval != ULONG_MAX)) {
376 runas_uid = (uid_t)ulval;
379 if (runas_egid_str != NULL)
380 runas_gid_str = runas_egid_str;
381 if (runas_gid_str != NULL) {
383 ulval = strtoul(runas_gid_str, &ep, 0);
384 if (*runas_gid_str != '\0' && *ep == '\0' &&
385 (errno != ERANGE || ulval != ULONG_MAX)) {
386 runas_gid = (gid_t)ulval;
390 details->runas_pw = sudo_getpwuid(runas_uid);
391 if (details->runas_pw == NULL) {
393 strlcpy(&id[1], runas_uid_str, sizeof(id) - 1);
394 details->runas_pw = sudo_fakepwnam(id, runas_gid);
397 if (runas_gid != details->runas_pw->pw_gid) {
398 details->runas_gr = sudo_getgrgid(runas_gid);
399 if (details->runas_gr == NULL) {
401 strlcpy(&id[1], runas_gid_str, sizeof(id) - 1);
402 details->runas_gr = sudo_fakegrnam(id);
408 sudoers_io_open(unsigned int version, sudo_conv_t conversation,
409 sudo_printf_t plugin_printf, char * const settings[],
410 char * const user_info[], char * const command_info[],
411 int argc, char * const argv[], char * const user_env[])
413 struct iolog_details details;
414 char pathbuf[PATH_MAX], sessid[7];
422 sudo_conv = conversation;
424 sudo_printf = plugin_printf;
426 /* If we have no command (because -V was specified) just return. */
430 if (sigsetjmp(error_jmp, 1)) {
431 /* called via error(), errorx() or log_error() */
440 * Pull iolog settings out of command_info, if any.
442 iolog_deserialize_info(&details, user_info, command_info);
443 /* Did policy module disable I/O logging? */
444 if (!details.iolog_stdin && !details.iolog_ttyin &&
445 !details.iolog_stdout && !details.iolog_stderr &&
446 !details.iolog_ttyout) {
451 /* If no I/O log path defined we need to figure it out ourselves. */
452 if (details.iolog_path == NULL) {
453 /* Get next session ID and convert it into a path. */
454 tofree = emalloc(sizeof(_PATH_SUDO_IO_LOGDIR) + sizeof(sessid) + 2);
455 memcpy(tofree, _PATH_SUDO_IO_LOGDIR, sizeof(_PATH_SUDO_IO_LOGDIR));
456 io_nextid(tofree, sessid);
457 snprintf(tofree + sizeof(_PATH_SUDO_IO_LOGDIR), sizeof(sessid) + 2,
458 "%c%c/%c%c/%c%c", sessid[0], sessid[1], sessid[2], sessid[3],
459 sessid[4], sessid[5]);
460 details.iolog_path = tofree;
464 * Make local copy of I/O log path and create it, along with any
465 * intermediate subdirs. Calls mkdtemp() if iolog_path ends in XXXXXX.
467 len = mkdir_iopath(details.iolog_path, pathbuf, sizeof(pathbuf));
468 if (len >= sizeof(pathbuf))
472 * We create 7 files: a log file, a timing file and 5 for input/output.
474 io_logfile = open_io_fd(pathbuf, len, "/log", FALSE);
475 if (io_logfile == NULL)
476 log_error(USE_ERRNO, "Can't create %s", pathbuf);
478 io_fds[IOFD_TIMING].v = open_io_fd(pathbuf, len, "/timing",
480 if (io_fds[IOFD_TIMING].v == NULL)
481 log_error(USE_ERRNO, "Can't create %s", pathbuf);
483 if (details.iolog_ttyin) {
484 io_fds[IOFD_TTYIN].v = open_io_fd(pathbuf, len, "/ttyin",
486 if (io_fds[IOFD_TTYIN].v == NULL)
487 log_error(USE_ERRNO, "Can't create %s", pathbuf);
489 sudoers_io.log_ttyin = NULL;
491 if (details.iolog_stdin) {
492 io_fds[IOFD_STDIN].v = open_io_fd(pathbuf, len, "/stdin",
494 if (io_fds[IOFD_STDIN].v == NULL)
495 log_error(USE_ERRNO, "Can't create %s", pathbuf);
497 sudoers_io.log_stdin = NULL;
499 if (details.iolog_ttyout) {
500 io_fds[IOFD_TTYOUT].v = open_io_fd(pathbuf, len, "/ttyout",
502 if (io_fds[IOFD_TTYOUT].v == NULL)
503 log_error(USE_ERRNO, "Can't create %s", pathbuf);
505 sudoers_io.log_ttyout = NULL;
507 if (details.iolog_stdout) {
508 io_fds[IOFD_STDOUT].v = open_io_fd(pathbuf, len, "/stdout",
510 if (io_fds[IOFD_STDOUT].v == NULL)
511 log_error(USE_ERRNO, "Can't create %s", pathbuf);
513 sudoers_io.log_stdout = NULL;
515 if (details.iolog_stderr) {
516 io_fds[IOFD_STDERR].v = open_io_fd(pathbuf, len, "/stderr",
518 if (io_fds[IOFD_STDERR].v == NULL)
519 log_error(USE_ERRNO, "Can't create %s", pathbuf);
521 sudoers_io.log_stderr = NULL;
524 gettimeofday(&last_time, NULL);
526 fprintf(io_logfile, "%ld:%s:%s:%s:%s\n", (long)last_time.tv_sec,
527 details.user ? details.user : "unknown", details.runas_pw->pw_name,
528 details.runas_gr ? details.runas_gr->gr_name : "",
529 details.tty ? details.tty : "unknown");
530 fputs(details.cwd ? details.cwd : "unknown", io_logfile);
531 fputc('\n', io_logfile);
532 fputs(details.command ? details.command : "unknown", io_logfile);
533 for (cur = &argv[1]; *cur != NULL; cur++) {
535 fputc(' ', io_logfile);
536 fputs(*cur, io_logfile);
538 fputc('\n', io_logfile);
545 if (details.runas_pw)
546 pw_delref(details.runas_pw);
548 if (details.runas_gr)
549 gr_delref(details.runas_gr);
556 sudoers_io_close(int exit_status, int error)
560 if (sigsetjmp(error_jmp, 1)) {
561 /* called via error(), errorx() or log_error() */
565 for (i = 0; i < IOFD_MAX; i++) {
566 if (io_fds[i].v == NULL)
570 gzclose(io_fds[i].g);
578 sudoers_io_version(int verbose)
580 if (sigsetjmp(error_jmp, 1)) {
581 /* called via error(), errorx() or log_error() */
585 sudo_printf(SUDO_CONV_INFO_MSG, "Sudoers I/O plugin version %s\n",
592 * Generic I/O logging function. Called by the I/O logging entry points.
595 sudoers_io_log(const char *buf, unsigned int len, int idx)
597 struct timeval now, delay;
599 gettimeofday(&now, NULL);
601 if (sigsetjmp(error_jmp, 1)) {
602 /* called via error(), errorx() or log_error() */
608 gzwrite(io_fds[idx].g, buf, len);
611 fwrite(buf, 1, len, io_fds[idx].f);
612 delay.tv_sec = now.tv_sec;
613 delay.tv_usec = now.tv_usec;
614 timevalsub(&delay, &last_time);
617 gzprintf(io_fds[IOFD_TIMING].g, "%d %f %d\n", idx,
618 delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
621 fprintf(io_fds[IOFD_TIMING].f, "%d %f %d\n", idx,
622 delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
623 last_time.tv_sec = now.tv_sec;
624 last_time.tv_usec = now.tv_usec;
630 sudoers_io_log_ttyin(const char *buf, unsigned int len)
632 return sudoers_io_log(buf, len, IOFD_TTYIN);
636 sudoers_io_log_ttyout(const char *buf, unsigned int len)
638 return sudoers_io_log(buf, len, IOFD_TTYOUT);
642 sudoers_io_log_stdin(const char *buf, unsigned int len)
644 return sudoers_io_log(buf, len, IOFD_STDIN);
648 sudoers_io_log_stdout(const char *buf, unsigned int len)
650 return sudoers_io_log(buf, len, IOFD_STDOUT);
654 sudoers_io_log_stderr(const char *buf, unsigned int len)
656 return sudoers_io_log(buf, len, IOFD_STDERR);
659 struct io_plugin sudoers_io = {
665 sudoers_io_log_ttyin,
666 sudoers_io_log_ttyout,
667 sudoers_io_log_stdin,
668 sudoers_io_log_stdout,
669 sudoers_io_log_stderr