mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

Rename ExecMessage -> AcceptMessage and add RejectMessage

Browse Source
This commit is contained in:
Todd C. Miller 2019-10-24 20:04:31 -06:00
parent 2e2d9e8694
commit 077e9aebbf
8 changed files with 442 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
logsrvd/iolog_writer.c
View File

@ -64,11 +64,11 @@ has_strlistval(InfoMessage *info)
}
/*
* Fill in I/O log details from an ExecMessage
* Fill in I/O log details from an AcceptMessage
* Only makes a shallow copy of strings and string lists.
*/
static bool
iolog_details_fill(struct iolog_details *details, ExecMessage *msg)
iolog_details_fill(struct iolog_details *details, AcceptMessage *msg)
{
size_t idx;
bool ret = true;
@ -76,8 +76,8 @@ iolog_details_fill(struct iolog_details *details, ExecMessage *msg)
memset(details, 0, sizeof(*details));
/* Start time. */
details->start_time = msg->start_time->tv_sec;
/* Submit time. */
details->submit_time = msg->submit_time->tv_sec;
/* Default values */
details->lines = 24;
@ -211,17 +211,17 @@ iolog_details_fill(struct iolog_details *details, ExecMessage *msg)
/* Check for required settings */
if (details->submituser == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing user in ExecMessage");
"missing user in AcceptMessage");
ret = false;
}
if (details->submithost == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing host in ExecMessage");
"missing host in AcceptMessage");
ret = false;
}
if (details->command == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing command in ExecMessage");
"missing command in AcceptMessage");
ret = false;
}
@ -466,7 +466,7 @@ iolog_close_all(struct connection_closure *closure)
}
bool
iolog_init(ExecMessage *msg, struct connection_closure *closure)
iolog_init(AcceptMessage *msg, struct connection_closure *closure)
{
struct iolog_details details;
debug_decl(iolog_init, SUDO_DEBUG_UTIL)

267
logsrvd/log_server.pb-c.c
View File

@ -193,49 +193,94 @@ void info_message__free_unpacked
assert(message->base.descriptor == &info_message__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
}
void exec_message__init
(ExecMessage *message)
void accept_message__init
(AcceptMessage *message)
{
static const ExecMessage init_value = EXEC_MESSAGE__INIT;
static const AcceptMessage init_value = ACCEPT_MESSAGE__INIT;
*message = init_value;
}
size_t exec_message__get_packed_size
(const ExecMessage *message)
size_t accept_message__get_packed_size
(const AcceptMessage *message)
{
assert(message->base.descriptor == &exec_message__descriptor);
assert(message->base.descriptor == &accept_message__descriptor);
return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message));
}
size_t exec_message__pack
(const ExecMessage *message,
size_t accept_message__pack
(const AcceptMessage *message,
uint8_t *out)
{
assert(message->base.descriptor == &exec_message__descriptor);
assert(message->base.descriptor == &accept_message__descriptor);
return protobuf_c_message_pack ((const ProtobufCMessage*)message, out);
}
size_t exec_message__pack_to_buffer
(const ExecMessage *message,
size_t accept_message__pack_to_buffer
(const AcceptMessage *message,
ProtobufCBuffer *buffer)
{
assert(message->base.descriptor == &exec_message__descriptor);
assert(message->base.descriptor == &accept_message__descriptor);
return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer);
}
ExecMessage *
exec_message__unpack
AcceptMessage *
accept_message__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data)
{
return (ExecMessage *)
protobuf_c_message_unpack (&exec_message__descriptor,
return (AcceptMessage *)
protobuf_c_message_unpack (&accept_message__descriptor,
allocator, len, data);
}
void exec_message__free_unpacked
(ExecMessage *message,
void accept_message__free_unpacked
(AcceptMessage *message,
ProtobufCAllocator *allocator)
{
if(!message)
return;
assert(message->base.descriptor == &exec_message__descriptor);
assert(message->base.descriptor == &accept_message__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
}
void reject_message__init
(RejectMessage *message)
{
static const RejectMessage init_value = REJECT_MESSAGE__INIT;
*message = init_value;
}
size_t reject_message__get_packed_size
(const RejectMessage *message)
{
assert(message->base.descriptor == &reject_message__descriptor);
return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message));
}
size_t reject_message__pack
(const RejectMessage *message,
uint8_t *out)
{
assert(message->base.descriptor == &reject_message__descriptor);
return protobuf_c_message_pack ((const ProtobufCMessage*)message, out);
}
size_t reject_message__pack_to_buffer
(const RejectMessage *message,
ProtobufCBuffer *buffer)
{
assert(message->base.descriptor == &reject_message__descriptor);
return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer);
}
RejectMessage *
reject_message__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data)
{
return (RejectMessage *)
protobuf_c_message_unpack (&reject_message__descriptor,
allocator, len, data);
}
void reject_message__free_unpacked
(RejectMessage *message,
ProtobufCAllocator *allocator)
{
if(!message)
return;
assert(message->base.descriptor == &reject_message__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
}
void exit_message__init
@ -553,23 +598,35 @@ void server_hello__free_unpacked
assert(message->base.descriptor == &server_hello__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
}
static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
static const ProtobufCFieldDescriptor client_message__field_descriptors[12] =
{
{
"exec_msg",
"accept_msg",
1,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
offsetof(ClientMessage, exec_msg),
&exec_message__descriptor,
offsetof(ClientMessage, accept_msg),
&accept_message__descriptor,
NULL,
0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"reject_msg",
2,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
offsetof(ClientMessage, reject_msg),
&reject_message__descriptor,
NULL,
0 | PROTOBUF_C_FIELD_FLAG_ONEOF, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"exit_msg",
2,
3,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -581,7 +638,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"restart_msg",
3,
4,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -593,7 +650,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"alert_msg",
4,
5,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -605,7 +662,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"ttyin_buf",
5,
6,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -617,7 +674,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"ttyout_buf",
6,
7,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -629,7 +686,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"stdin_buf",
7,
8,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -641,7 +698,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"stdout_buf",
8,
9,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -653,7 +710,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"stderr_buf",
9,
10,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -665,7 +722,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"winsize_event",
10,
11,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -677,7 +734,7 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
{
"suspend_event",
11,
12,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ClientMessage, type_case),
@ -689,22 +746,23 @@ static const ProtobufCFieldDescriptor client_message__field_descriptors[11] =
},
};
static const unsigned client_message__field_indices_by_name[] = {
3, /* field[3] = alert_msg */
0, /* field[0] = exec_msg */
1, /* field[1] = exit_msg */
2, /* field[2] = restart_msg */
8, /* field[8] = stderr_buf */
6, /* field[6] = stdin_buf */
7, /* field[7] = stdout_buf */
10, /* field[10] = suspend_event */
4, /* field[4] = ttyin_buf */
5, /* field[5] = ttyout_buf */
9, /* field[9] = winsize_event */
0, /* field[0] = accept_msg */
4, /* field[4] = alert_msg */
2, /* field[2] = exit_msg */
1, /* field[1] = reject_msg */
3, /* field[3] = restart_msg */
9, /* field[9] = stderr_buf */
7, /* field[7] = stdin_buf */
8, /* field[8] = stdout_buf */
11, /* field[11] = suspend_event */
5, /* field[5] = ttyin_buf */
6, /* field[6] = ttyout_buf */
10, /* field[10] = winsize_event */
};
static const ProtobufCIntRange client_message__number_ranges[1 + 1] =
{
{ 1, 0 },
{ 0, 11 }
{ 0, 12 }
};
const ProtobufCMessageDescriptor client_message__descriptor =
{
@ -714,7 +772,7 @@ const ProtobufCMessageDescriptor client_message__descriptor =
"ClientMessage",
"",
sizeof(ClientMessage),
11,
12,
client_message__field_descriptors,
client_message__field_indices_by_name,
1, client_message__number_ranges,
@ -938,15 +996,15 @@ const ProtobufCMessageDescriptor info_message__descriptor =
(ProtobufCMessageInit) info_message__init,
NULL,NULL,NULL /* reserved[123] */
};
static const ProtobufCFieldDescriptor exec_message__field_descriptors[2] =
static const ProtobufCFieldDescriptor accept_message__field_descriptors[3] =
{
{
"start_time",
"submit_time",
1,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
0, /* quantifier_offset */
offsetof(ExecMessage, start_time),
offsetof(AcceptMessage, submit_time),
&time_spec__descriptor,
NULL,
0, /* flags */
@ -957,36 +1015,113 @@ static const ProtobufCFieldDescriptor exec_message__field_descriptors[2] =
2,
PROTOBUF_C_LABEL_REPEATED,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(ExecMessage, n_info_msgs),
offsetof(ExecMessage, info_msgs),
offsetof(AcceptMessage, n_info_msgs),
offsetof(AcceptMessage, info_msgs),
&info_message__descriptor,
NULL,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"expect_iobufs",
3,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
offsetof(AcceptMessage, expect_iobufs),
NULL,
NULL,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
};
static const unsigned accept_message__field_indices_by_name[] = {
2, /* field[2] = expect_iobufs */
1, /* field[1] = info_msgs */
0, /* field[0] = submit_time */
};
static const ProtobufCIntRange accept_message__number_ranges[1 + 1] =
{
{ 1, 0 },
{ 0, 3 }
};
const ProtobufCMessageDescriptor accept_message__descriptor =
{
PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC,
"AcceptMessage",
"AcceptMessage",
"AcceptMessage",
"",
sizeof(AcceptMessage),
3,
accept_message__field_descriptors,
accept_message__field_indices_by_name,
1, accept_message__number_ranges,
(ProtobufCMessageInit) accept_message__init,
NULL,NULL,NULL /* reserved[123] */
};
static const ProtobufCFieldDescriptor reject_message__field_descriptors[3] =
{
{
"submit_time",
1,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_MESSAGE,
0, /* quantifier_offset */
offsetof(RejectMessage, submit_time),
&time_spec__descriptor,
NULL,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"reason",
2,
PROTOBUF_C_LABEL_NONE,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
offsetof(RejectMessage, reason),
NULL,
&protobuf_c_empty_string,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
{
"info_msgs",
3,
PROTOBUF_C_LABEL_REPEATED,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(RejectMessage, n_info_msgs),
offsetof(RejectMessage, info_msgs),
&info_message__descriptor,
NULL,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
};
static const unsigned exec_message__field_indices_by_name[] = {
1, /* field[1] = info_msgs */
0, /* field[0] = start_time */
static const unsigned reject_message__field_indices_by_name[] = {
2, /* field[2] = info_msgs */
1, /* field[1] = reason */
0, /* field[0] = submit_time */
};
static const ProtobufCIntRange exec_message__number_ranges[1 + 1] =
static const ProtobufCIntRange reject_message__number_ranges[1 + 1] =
{
{ 1, 0 },
{ 0, 2 }
{ 0, 3 }
};
const ProtobufCMessageDescriptor exec_message__descriptor =
const ProtobufCMessageDescriptor reject_message__descriptor =
{
PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC,
"ExecMessage",
"ExecMessage",
"ExecMessage",
"RejectMessage",
"RejectMessage",
"RejectMessage",
"",
sizeof(ExecMessage),
2,
exec_message__field_descriptors,
exec_message__field_indices_by_name,
1, exec_message__number_ranges,
(ProtobufCMessageInit) exec_message__init,
sizeof(RejectMessage),
3,
reject_message__field_descriptors,
reject_message__field_indices_by_name,
1, reject_message__number_ranges,
(ProtobufCMessageInit) reject_message__init,
NULL,NULL,NULL /* reserved[123] */
};
static const ProtobufCFieldDescriptor exit_message__field_descriptors[5] =

129
logsrvd/log_server.pb-c.h
View File

@ -20,7 +20,8 @@ typedef struct _TimeSpec TimeSpec;
typedef struct _IoBuffer IoBuffer;
typedef struct _InfoMessage InfoMessage;
typedef struct _InfoMessage__StringList InfoMessage__StringList;
typedef struct _ExecMessage ExecMessage;
typedef struct _AcceptMessage AcceptMessage;
typedef struct _RejectMessage RejectMessage;
typedef struct _ExitMessage ExitMessage;
typedef struct _AlertMessage AlertMessage;
typedef struct _RestartMessage RestartMessage;
@ -37,17 +38,18 @@ typedef struct _ServerHello ServerHello;
typedef enum {
CLIENT_MESSAGE__TYPE__NOT_SET = 0,
CLIENT_MESSAGE__TYPE_EXEC_MSG = 1,
CLIENT_MESSAGE__TYPE_EXIT_MSG = 2,
CLIENT_MESSAGE__TYPE_RESTART_MSG = 3,
CLIENT_MESSAGE__TYPE_ALERT_MSG = 4,
CLIENT_MESSAGE__TYPE_TTYIN_BUF = 5,
CLIENT_MESSAGE__TYPE_TTYOUT_BUF = 6,
CLIENT_MESSAGE__TYPE_STDIN_BUF = 7,
CLIENT_MESSAGE__TYPE_STDOUT_BUF = 8,
CLIENT_MESSAGE__TYPE_STDERR_BUF = 9,
CLIENT_MESSAGE__TYPE_WINSIZE_EVENT = 10,
CLIENT_MESSAGE__TYPE_SUSPEND_EVENT = 11
CLIENT_MESSAGE__TYPE_ACCEPT_MSG = 1,
CLIENT_MESSAGE__TYPE_REJECT_MSG = 2,
CLIENT_MESSAGE__TYPE_EXIT_MSG = 3,
CLIENT_MESSAGE__TYPE_RESTART_MSG = 4,
CLIENT_MESSAGE__TYPE_ALERT_MSG = 5,
CLIENT_MESSAGE__TYPE_TTYIN_BUF = 6,
CLIENT_MESSAGE__TYPE_TTYOUT_BUF = 7,
CLIENT_MESSAGE__TYPE_STDIN_BUF = 8,
CLIENT_MESSAGE__TYPE_STDOUT_BUF = 9,
CLIENT_MESSAGE__TYPE_STDERR_BUF = 10,
CLIENT_MESSAGE__TYPE_WINSIZE_EVENT = 11,
CLIENT_MESSAGE__TYPE_SUSPEND_EVENT = 12
PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(CLIENT_MESSAGE__TYPE)
} ClientMessage__TypeCase;
@ -60,7 +62,8 @@ struct _ClientMessage
ProtobufCMessage base;
ClientMessage__TypeCase type_case;
union {
ExecMessage *exec_msg;
AcceptMessage *accept_msg;
RejectMessage *reject_msg;
ExitMessage *exit_msg;
RestartMessage *restart_msg;
AlertMessage *alert_msg;
@ -158,24 +161,53 @@ struct _InfoMessage
/*
* Event log data for executed command.
* Event log data for command accepted by the policy.
*/
struct _ExecMessage
struct _AcceptMessage
{
ProtobufCMessage base;
/*
* wallclock time when command began
* time when command was submitted
*/
TimeSpec *start_time;
TimeSpec *submit_time;
/*
* key,value event log data
*/
size_t n_info_msgs;
InfoMessage **info_msgs;
/*
* true if I/O logging is enabled
*/
protobuf_c_boolean expect_iobufs;
};
#define ACCEPT_MESSAGE__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&accept_message__descriptor) \
, NULL, 0,NULL, 0 }
/*
* Event log data for command rejected by the policy.
*/
struct _RejectMessage
{
ProtobufCMessage base;
/*
* time when command was submitted
*/
TimeSpec *submit_time;
/*
* reason commamd was rejected
*/
char *reason;
/*
* key,value event log data
*/
size_t n_info_msgs;
InfoMessage **info_msgs;
};
#define EXEC_MESSAGE__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&exec_message__descriptor) \
, NULL, 0,NULL }
#define REJECT_MESSAGE__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&reject_message__descriptor) \
, NULL, (char *)protobuf_c_empty_string, 0,NULL }
/*
@ -322,7 +354,7 @@ struct _ServerMessage
*/
TimeSpec *commit_point;
/*
* ID of new I/O log (ExecMessage ACK)
* ID of new I/O log (AcceptMessage ACK)
*/
char *log_id;
/*
@ -444,24 +476,43 @@ InfoMessage *
void info_message__free_unpacked
(InfoMessage *message,
ProtobufCAllocator *allocator);
/* ExecMessage methods */
void exec_message__init
(ExecMessage *message);
size_t exec_message__get_packed_size
(const ExecMessage *message);
size_t exec_message__pack
(const ExecMessage *message,
/* AcceptMessage methods */
void accept_message__init
(AcceptMessage *message);
size_t accept_message__get_packed_size
(const AcceptMessage *message);
size_t accept_message__pack
(const AcceptMessage *message,
uint8_t *out);
size_t exec_message__pack_to_buffer
(const ExecMessage *message,
size_t accept_message__pack_to_buffer
(const AcceptMessage *message,
ProtobufCBuffer *buffer);
ExecMessage *
exec_message__unpack
AcceptMessage *
accept_message__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void exec_message__free_unpacked
(ExecMessage *message,
void accept_message__free_unpacked
(AcceptMessage *message,
ProtobufCAllocator *allocator);
/* RejectMessage methods */
void reject_message__init
(RejectMessage *message);
size_t reject_message__get_packed_size
(const RejectMessage *message);
size_t reject_message__pack
(const RejectMessage *message,
uint8_t *out);
size_t reject_message__pack_to_buffer
(const RejectMessage *message,
ProtobufCBuffer *buffer);
RejectMessage *
reject_message__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void reject_message__free_unpacked
(RejectMessage *message,
ProtobufCAllocator *allocator);
/* ExitMessage methods */
void exit_message__init
@ -613,8 +664,11 @@ typedef void (*InfoMessage__StringList_Closure)
typedef void (*InfoMessage_Closure)
(const InfoMessage *message,
void *closure_data);
typedef void (*ExecMessage_Closure)
(const ExecMessage *message,
typedef void (*AcceptMessage_Closure)
(const AcceptMessage *message,
void *closure_data);
typedef void (*RejectMessage_Closure)
(const RejectMessage *message,
void *closure_data);
typedef void (*ExitMessage_Closure)
(const ExitMessage *message,
@ -648,7 +702,8 @@ extern const ProtobufCMessageDescriptor time_spec__descriptor;
extern const ProtobufCMessageDescriptor io_buffer__descriptor;
extern const ProtobufCMessageDescriptor info_message__descriptor;
extern const ProtobufCMessageDescriptor info_message__string_list__descriptor;
extern const ProtobufCMessageDescriptor exec_message__descriptor;
extern const ProtobufCMessageDescriptor accept_message__descriptor;
extern const ProtobufCMessageDescriptor reject_message__descriptor;
extern const ProtobufCMessageDescriptor exit_message__descriptor;
extern const ProtobufCMessageDescriptor alert_message__descriptor;
extern const ProtobufCMessageDescriptor restart_message__descriptor;

41
logsrvd/log_server.proto
View File

@ -6,17 +6,18 @@ syntax = "proto3";
*/
message ClientMessage {
oneof type {
ExecMessage exec_msg = 1;
ExitMessage exit_msg = 2;
RestartMessage restart_msg = 3;
AlertMessage alert_msg = 4;
IoBuffer ttyin_buf = 5;
IoBuffer ttyout_buf = 6;
IoBuffer stdin_buf = 7;
IoBuffer stdout_buf = 8;
IoBuffer stderr_buf = 9;
ChangeWindowSize winsize_event = 10;
CommandSuspend suspend_event = 11;
AcceptMessage accept_msg = 1;
RejectMessage reject_msg = 2;
ExitMessage exit_msg = 3;
RestartMessage restart_msg = 4;
AlertMessage alert_msg = 5;
IoBuffer ttyin_buf = 6;
IoBuffer ttyout_buf = 7;
IoBuffer stdin_buf = 8;
IoBuffer stdout_buf = 9;
IoBuffer stderr_buf = 10;
ChangeWindowSize winsize_event = 11;
CommandSuspend suspend_event = 12;
}
}
@ -49,11 +50,21 @@ message InfoMessage {
}
/*
* Event log data for executed command.
* Event log data for command accepted by the policy.
*/
message ExecMessage {
TimeSpec start_time = 1; /* wallclock time when command began */
message AcceptMessage {
TimeSpec submit_time = 1; /* time when command was submitted */
repeated InfoMessage info_msgs = 2; /* key,value event log data */
bool expect_iobufs = 3; /* true if I/O logging is enabled */
}
/*
* Event log data for command rejected by the policy.
*/
message RejectMessage {
TimeSpec submit_time = 1; /* time when command was submitted */
string reason = 2; /* reason commamd was rejected */
repeated InfoMessage info_msgs = 3; /* key,value event log data */
}
/* Message sent by client when command exits. */
@ -99,7 +110,7 @@ message ServerMessage {
oneof type {
ServerHello hello = 1; /* server hello message */
TimeSpec commit_point = 2; /* cumulative time of records stored */
string log_id = 3; /* ID of new I/O log (ExecMessage ACK) */
string log_id = 3; /* ID of new I/O log (AcceptMessage ACK) */
string error = 4; /* error message from server (restartable) */
string abort = 5; /* abort message from server (kill session) */
}

64
logsrvd/logsrvd.c
View File

@ -180,12 +180,12 @@ fmt_error_message(const char *errstr, struct connection_buffer *buf)
}
/*
* Parse an ExecMessage
* Parse an AcceptMessage
*/
static bool
handle_exec(ExecMessage *msg, struct connection_closure *closure)
handle_accept(AcceptMessage *msg, struct connection_closure *closure)
{
debug_decl(handle_exec, SUDO_DEBUG_UTIL)
debug_decl(handle_accept, SUDO_DEBUG_UTIL)
if (closure->state != INITIAL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
@ -194,17 +194,23 @@ handle_exec(ExecMessage *msg, struct connection_closure *closure)
}
/* Sanity check message. */
if (msg->start_time == NULL || msg->n_info_msgs == 0) {
if (msg->submit_time == NULL || msg->n_info_msgs == 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid ExecMessage, start_time: %p, n_info_msgs: %zu",
msg->start_time, msg->n_info_msgs);
"invalid AcceptMessage, submit_time: %p, n_info_msgs: %zu",
msg->submit_time, msg->n_info_msgs);
debug_return_bool(false);
}
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received ExecMessage", __func__);
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AcceptMessage", __func__);
/* Save start time. */
closure->start_time.tv_sec = msg->start_time->tv_sec;
closure->start_time.tv_nsec = msg->start_time->tv_nsec;
closure->submit_time.tv_sec = msg->submit_time->tv_sec;
closure->submit_time.tv_nsec = msg->submit_time->tv_nsec;
/* TODO: handle event logging via syslog */
if (!msg->expect_iobufs) {
closure->state = FLUSHED;
debug_return_bool(true);
}
/* Create I/O log info file and parent directories. */
if (!iolog_init(msg, closure))
@ -223,6 +229,39 @@ handle_exec(ExecMessage *msg, struct connection_closure *closure)
debug_return_bool(true);
}
/*
* Parse a RejectMessage
*/
static bool
handle_reject(RejectMessage *msg, struct connection_closure *closure)
{
debug_decl(handle_reject, SUDO_DEBUG_UTIL)
if (closure->state != INITIAL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d", closure->state);
debug_return_bool(false);
}
/* Sanity check message. */
if (msg->submit_time == NULL || msg->n_info_msgs == 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid RejectMessage, submit_time: %p, n_info_msgs: %zu",
msg->submit_time, msg->n_info_msgs);
debug_return_bool(false);
}
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received RejectMessage", __func__);
/* Save start time. */
closure->submit_time.tv_sec = msg->submit_time->tv_sec;
closure->submit_time.tv_nsec = msg->submit_time->tv_nsec;
/* TODO: handle event logging via syslog */
closure->state = FLUSHED;
debug_return_bool(true);
}
static bool
handle_exit(ExitMessage *msg, struct connection_closure *closure)
{
@ -412,8 +451,11 @@ handle_client_message(uint8_t *buf, size_t len,
}
switch (msg->type_case) {
case CLIENT_MESSAGE__TYPE_EXEC_MSG:
ret = handle_exec(msg->exec_msg, closure);
case CLIENT_MESSAGE__TYPE_ACCEPT_MSG:
ret = handle_accept(msg->accept_msg, closure);
break;
case CLIENT_MESSAGE__TYPE_REJECT_MSG:
ret = handle_reject(msg->reject_msg, closure);
break;
case CLIENT_MESSAGE__TYPE_EXIT_MSG:
ret = handle_exit(msg->exit_msg, closure);

8
logsrvd/logsrvd.h
View File

@ -32,7 +32,7 @@
#define SHUTDOWN_TIMEO 10
/*
* I/O log details from the ExecMessage + iolog path and sessid.
* I/O log details from the AcceptMessage + iolog path and sessid.
*/
struct iolog_details {
char *command;
@ -45,7 +45,7 @@ struct iolog_details {
char *submitgroup;
char *ttyname;
char **argv;
time_t start_time;
time_t submit_time;
int argc;
int lines;
int columns;
@ -78,7 +78,7 @@ struct connection_buffer {
*/
struct connection_closure {
TAILQ_ENTRY(connection_closure) entries;
struct timespec start_time;
struct timespec submit_time;
struct timespec elapsed_time;
struct connection_buffer read_buf;
struct connection_buffer write_buf;
@ -93,7 +93,7 @@ struct connection_closure {
};
/* iolog_writer.c */
bool iolog_init(ExecMessage *msg, struct connection_closure *closure);
bool iolog_init(AcceptMessage *msg, struct connection_closure *closure);
bool iolog_restart(RestartMessage *msg, struct connection_closure *closure);
int store_iobuf(int iofd, IoBuffer *msg, struct connection_closure *closure);
int store_suspend(CommandSuspend *msg, struct connection_closure *closure);

111
logsrvd/sendlog.c
View File

@ -285,25 +285,25 @@ split_command(char *command, size_t *lenp)
}
/*
* Build and format an ExecMessage wrapped in a ClientMessage.
* Build and format an AcceptMessage wrapped in a ClientMessage.
* Stores the wire format message in the closure's write buffer.
* Returns true on success, false on failure.
*/
static bool
fmt_exec_message(struct client_closure *closure)
fmt_accept_message(struct client_closure *closure)
{
ClientMessage client_msg = CLIENT_MESSAGE__INIT;
ExecMessage exec_msg = EXEC_MESSAGE__INIT;
AcceptMessage accept_msg = ACCEPT_MESSAGE__INIT;
TimeSpec tv = TIME_SPEC__INIT;
InfoMessage__StringList runargv = INFO_MESSAGE__STRING_LIST__INIT;
struct iolog_info *log_info = closure->log_info;
char hostname[1024];
bool ret = false;
size_t n;
debug_decl(fmt_exec_message, SUDO_DEBUG_UTIL)
debug_decl(fmt_accept_message, SUDO_DEBUG_UTIL)
/*
* Fill in ExecMessage and add it to ClientMessage.
* Fill in AcceptMessage and add it to ClientMessage.
* TODO: handle buf large than 64K?
*/
if (gethostname(hostname, sizeof(hostname)) == -1) {
@ -315,7 +315,10 @@ fmt_exec_message(struct client_closure *closure)
/* Sudo I/O logs only store start time in seconds. */
tv.tv_sec = log_info->tstamp;
tv.tv_nsec = 0;
exec_msg.start_time = &tv;
accept_msg.submit_time = &tv;
/* Client will send IoBuffer messages. */
accept_msg.expect_iobufs = true;
/* Split command into a StringList. */
runargv.strings = split_command(log_info->cmd, &runargv.n_strings);
@ -323,82 +326,82 @@ fmt_exec_message(struct client_closure *closure)
sudo_fatal(NULL);
/* The sudo I/O log info file has limited info. */
exec_msg.n_info_msgs = 10;
exec_msg.info_msgs = calloc(exec_msg.n_info_msgs, sizeof(InfoMessage *));
if (exec_msg.info_msgs == NULL)
accept_msg.n_info_msgs = 10;
accept_msg.info_msgs = calloc(accept_msg.n_info_msgs, sizeof(InfoMessage *));
if (accept_msg.info_msgs == NULL)
debug_return_bool(false);
for (n = 0; n < exec_msg.n_info_msgs; n++) {
exec_msg.info_msgs[n] = malloc(sizeof(InfoMessage));
if (exec_msg.info_msgs[n] == NULL) {
exec_msg.n_info_msgs = n;
for (n = 0; n < accept_msg.n_info_msgs; n++) {
accept_msg.info_msgs[n] = malloc(sizeof(InfoMessage));
if (accept_msg.info_msgs[n] == NULL) {
accept_msg.n_info_msgs = n;
goto done;
}
info_message__init(exec_msg.info_msgs[n]);
info_message__init(accept_msg.info_msgs[n]);
}
/* Fill in info_msgs */
n = 0;
exec_msg.info_msgs[n]->key = "command";
exec_msg.info_msgs[n]->strval = log_info->cmd;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
accept_msg.info_msgs[n]->key = "command";
accept_msg.info_msgs[n]->strval = log_info->cmd;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
n++;
exec_msg.info_msgs[n]->key = "columns";
exec_msg.info_msgs[n]->numval = log_info->cols;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL;
accept_msg.info_msgs[n]->key = "columns";
accept_msg.info_msgs[n]->numval = log_info->cols;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL;
n++;
exec_msg.info_msgs[n]->key = "cwd";
exec_msg.info_msgs[n]->strval = log_info->cwd;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
accept_msg.info_msgs[n]->key = "cwd";
accept_msg.info_msgs[n]->strval = log_info->cwd;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
n++;
exec_msg.info_msgs[n]->key = "lines";
exec_msg.info_msgs[n]->numval = log_info->lines;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL;
accept_msg.info_msgs[n]->key = "lines";
accept_msg.info_msgs[n]->numval = log_info->lines;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_NUMVAL;
n++;
exec_msg.info_msgs[n]->key = "runargv";
exec_msg.info_msgs[n]->strlistval = &runargv;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL;
accept_msg.info_msgs[n]->key = "runargv";
accept_msg.info_msgs[n]->strlistval = &runargv;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRLISTVAL;
n++;
if (log_info->runas_group != NULL) {
exec_msg.info_msgs[n]->key = "rungroup";
exec_msg.info_msgs[n]->strval = log_info->runas_group;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
accept_msg.info_msgs[n]->key = "rungroup";
accept_msg.info_msgs[n]->strval = log_info->runas_group;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
n++;
}
exec_msg.info_msgs[n]->key = "runuser";
exec_msg.info_msgs[n]->strval = log_info->runas_user;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
accept_msg.info_msgs[n]->key = "runuser";
accept_msg.info_msgs[n]->strval = log_info->runas_user;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
n++;
exec_msg.info_msgs[n]->key = "submithost";
exec_msg.info_msgs[n]->strval = hostname;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
accept_msg.info_msgs[n]->key = "submithost";
accept_msg.info_msgs[n]->strval = hostname;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
n++;
exec_msg.info_msgs[n]->key = "submituser";
exec_msg.info_msgs[n]->strval = log_info->user;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
accept_msg.info_msgs[n]->key = "submituser";
accept_msg.info_msgs[n]->strval = log_info->user;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
n++;
exec_msg.info_msgs[n]->key = "ttyname";
exec_msg.info_msgs[n]->strval = log_info->tty;
exec_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
accept_msg.info_msgs[n]->key = "ttyname";
accept_msg.info_msgs[n]->strval = log_info->tty;
accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
n++;
/* Update n_info_msgs. */
exec_msg.n_info_msgs = n;
accept_msg.n_info_msgs = n;
sudo_debug_printf(SUDO_DEBUG_INFO,
"%s: sending ExecMessage, array length %zu", __func__, n);
"%s: sending AcceptMessage, array length %zu", __func__, n);
/* Schedule ClientMessage */
client_msg.exec_msg = &exec_msg;
client_msg.type_case = CLIENT_MESSAGE__TYPE_EXEC_MSG;
client_msg.accept_msg = &accept_msg;
client_msg.type_case = CLIENT_MESSAGE__TYPE_ACCEPT_MSG;
ret = fmt_client_message(&closure->write_buf, &client_msg);
if (ret) {
if (sudo_ev_add(NULL, closure->write_ev, NULL, false) == -1)
@ -406,10 +409,10 @@ fmt_exec_message(struct client_closure *closure)
}
done:
for (n = 0; n < exec_msg.n_info_msgs; n++) {
free(exec_msg.info_msgs[n]);
for (n = 0; n < accept_msg.n_info_msgs; n++) {
free(accept_msg.info_msgs[n]);
}
free(exec_msg.info_msgs);
free(accept_msg.info_msgs);
debug_return_bool(ret);
}
@ -686,7 +689,7 @@ client_message_completion(struct client_closure *closure)
debug_decl(client_message_completion, SUDO_DEBUG_UTIL)
switch (closure->state) {
case SEND_EXEC:
case SEND_ACCEPT:
case SEND_RESTART:
closure->state = SEND_IO;
/* FALLTHROUGH */
@ -829,8 +832,8 @@ handle_server_message(uint8_t *buf, size_t len,
closure->state = SEND_RESTART;
ret = fmt_restart_message(closure);
} else {
closure->state = SEND_EXEC;
ret = fmt_exec_message(closure);
closure->state = SEND_ACCEPT;
ret = fmt_accept_message(closure);
}
}
break;

2
logsrvd/sendlog.h
View File

@ -27,7 +27,7 @@ enum client_state {
ERROR,
RECV_HELLO,
SEND_RESTART,
SEND_EXEC,
SEND_ACCEPT,
SEND_IO,
SEND_EXIT,
CLOSING,