mirror of https://github.com/sudo-project/sudo.git synced 2025-09-03 15:55:40 +00:00

Add -f (filter) option to sudoreplay to allow certain streams to

be replayed and others ignored.
Todd C. Miller
2010-06-15 16:11:25 -04:00
parent 4fb8a83e6f
commit 1025a2ec06
4 changed files with 95 additions and 64 deletions


@@ -8,7 +8,8 @@ NNAAMMEE
sudoreplay - replay sudo session logs
SSYYNNOOPPSSIISS
ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] [--mm _m_a_x___w_a_i_t] [--ss _s_p_e_e_d___f_a_c_t_o_r] ID
ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] [--ff _f_i_l_t_e_r] [--mm _m_a_x___w_a_i_t] [--ss _s_p_e_e_d___f_a_c_t_o_r]
ID
ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] -l [search expression]
@@ -40,6 +41,12 @@ OOPPTTIIOONNSS
Use _d_i_r_e_c_t_o_r_y to for the session logs instead of the
default, _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o.
-f _f_i_l_t_e_r By default, ssuuddoorreeppllaayy will play back the command's
standard output, standard error and tty output. The _-_f
option can be used to select which of these to output. The
_f_i_l_t_e_r argument is a comma-separated list, consisting of
one or more of following: _s_t_d_o_u_t, _s_t_d_e_r_r, and _t_t_y_o_u_t.
-l Enable "list mode". In this mode, ssuuddoorreeppllaayy will list
available session IDs. If a _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is
specified, it will be used to restrict the IDs that are
@@ -51,17 +58,10 @@ OOPPTTIIOONNSS
_c_o_m_m_a_n_d _p_a_t_t_e_r_n. On systems with POSIX regular
expression support, the pattern may be an extended
regular expression. On systems without POSIX
regular expression support, a simple substring
match is performed instead.
cwd _d_i_r_e_c_t_o_r_y
Evaluates to true if the command was run with the
specified current working directory.
1.8.0b1 June 11, 2010 1
1.8.0b1 June 15, 2010 1
@@ -70,6 +70,13 @@ OOPPTTIIOONNSS
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
regular expression support, a simple substring
match is performed instead.
cwd _d_i_r_e_c_t_o_r_y
Evaluates to true if the command was run with the
specified current working directory.
fromdate _d_a_t_e
Evaluates to true if the command was run on or
after _d_a_t_e. See "Date and time format" for a
@@ -117,17 +124,10 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
session includes long pauses. When the _-_m option is
specified, ssuuddoorreeppllaayy will limit these pauses to at most
_m_a_x___w_a_i_t seconds. The value may be specified as a floating
point number, .e.g. _2_._5.
-s _s_p_e_e_d___f_a_c_t_o_r
This option causes ssuuddoorreeppllaayy to adjust the number of
seconds it will wait between key presses or program output.
This can be used to slow down or speed up the display. For
example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as
1.8.0b1 June 11, 2010 2
1.8.0b1 June 15, 2010 2
@@ -136,6 +136,13 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
point number, .e.g. _2_._5.
-s _s_p_e_e_d___f_a_c_t_o_r
This option causes ssuuddoorreeppllaayy to adjust the number of
seconds it will wait between key presses or program output.
This can be used to slow down or speed up the display. For
example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as
fast whereas a _s_p_e_e_d___f_a_c_t_o_r of <.5> would make the output
twice as slow.
@@ -182,6 +189,19 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
next Friday
The first second of the next Friday.
1.8.0b1 June 15, 2010 3
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
this week
The current time but the first day of the coming week.
@@ -191,17 +211,6 @@ SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
10:01 am 9/17/2009
10:01 am, September 17, 2009.
1.8.0b1 June 11, 2010 3
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
10:01 am
10:01 am on the current day.
@@ -247,6 +256,18 @@ EEXXAAMMPPLLEESS
List sessions run by user _b_o_b with a command containing the string vi:
1.8.0b1 June 15, 2010 4
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
sudoreplay -l user bob command vi
List sessions run by user _j_e_f_f that match a regular expression:
@@ -257,17 +278,6 @@ EEXXAAMMPPLLEESS
sudoreplay -l ( user jeff or user bob ) tty console
1.8.0b1 June 11, 2010 4
SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
SSEEEE AALLSSOO
_s_u_d_o(1m), _s_c_r_i_p_t(1)
@@ -315,16 +325,6 @@ DDIISSCCLLAAIIMMEERR
1.8.0b1 June 11, 2010 5
1.8.0b1 June 15, 2010 5


@@ -139,7 +139,7 @@
.\" ========================================================================
.\"
.IX Title "SUDOREPLAY @mansectsu@"
.TH SUDOREPLAY @mansectsu@ "June 11, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.TH SUDOREPLAY @mansectsu@ "June 15, 2010" "1.8.0b1" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +148,7 @@
sudoreplay \- replay sudo session logs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBsudoreplay\fR [\fB\-d\fR \fIdirectory\fR] [\fB\-m\fR \fImax_wait\fR] [\fB\-s\fR \fIspeed_factor\fR] \s-1ID\s0
\&\fBsudoreplay\fR [\fB\-d\fR \fIdirectory\fR] [\fB\-f\fR \fIfilter\fR] [\fB\-m\fR \fImax_wait\fR] [\fB\-s\fR \fIspeed_factor\fR] \s-1ID\s0
.PP
\&\fBsudoreplay\fR [\fB\-d\fR \fIdirectory\fR] \-l [search expression]
.SH "DESCRIPTION"
@@ -180,6 +180,13 @@ Double the playback speed.
.IX Item "-d directory"
Use \fIdirectory\fR to for the session logs instead of the default,
\&\fI/var/log/sudo\-io\fR.
.IP "\-f \fIfilter\fR" 12
.IX Item "-f filter"
By default, \fBsudoreplay\fR will play back the command's standard
output, standard error and tty output. The \fI\-f\fR option can be
used to select which of these to output. The \fIfilter\fR argument
is a comma-separated list, consisting of one or more of following:
\&\fIstdout\fR, \fIstderr\fR, and \fIttyout\fR.
.IP "\-l" 12
.IX Item "-l"
Enable \*(L"list mode\*(R". In this mode, \fBsudoreplay\fR will list available


@@ -21,7 +21,7 @@ sudoreplay - replay sudo session logs
=head1 SYNOPSIS
B<sudoreplay> [B<-d> I<directory>] [B<-m> I<max_wait>] [B<-s> I<speed_factor>] ID
B<sudoreplay> [B<-d> I<directory>] [B<-f> I<filter>] [B<-m> I<max_wait>] [B<-s> I<speed_factor>] ID
B<sudoreplay> [B<-d> I<directory>] -l [search expression]
@@ -68,6 +68,14 @@ B<sudoreplay> accepts the following command line options:
Use I<directory> to for the session logs instead of the default,
F</var/log/sudo-io>.
=item -f I<filter>
By default, B<sudoreplay> will play back the command's standard
output, standard error and tty output. The I<-f> option can be
used to select which of these to output. The I<filter> argument
is a comma-separated list, consisting of one or more of following:
I<stdout>, I<stderr>, and I<ttyout>.
=item -l
Enable "list mode". In this mode, B<sudoreplay> will list available


@@ -97,6 +97,10 @@
#define IOFD_TIMING 5
#define IOFD_MAX 6
/* Bitmap of iofds to be replayed */
unsigned int replay_filter = (1 << IOFD_STDOUT) | (1 << IOFD_STDERR) |
(1 << IOFD_TTYOUT);
/* For getopt(3) */
extern char *optarg;
extern int optind;
@@ -216,11 +220,25 @@ main(int argc, char *argv[])
setprogname(argc > 0 ? argv[0] : "sudoreplay");
#endif
while ((ch = getopt(argc, argv, "d:lm:s:V")) != -1) {
while ((ch = getopt(argc, argv, "d:f:lm:s:V")) != -1) {
switch(ch) {
case 'd':
session_dir = optarg;
break;
case 'f':
/* Set the replay filter. */
replay_filter = 0;
for (cp = strtok(optarg, ","); cp; cp = strtok(NULL, ",")) {
if (strcmp(cp, "stdout") == 0)
SET(replay_filter, 1 << IOFD_STDOUT);
else if (strcmp(cp, "stderr") == 0)
SET(replay_filter, 1 << IOFD_STDERR);
else if (strcmp(cp, "ttyout") == 0)
SET(replay_filter, 1 << IOFD_TTYOUT);
else
errorx(1, "invalid filter option: %s", optarg);
}
break;
case 'l':
listonly = 1;
break;
@@ -266,14 +284,13 @@ main(int argc, char *argv[])
id, &id[2], &id[4], strerror(ENAMETOOLONG));
plen -= 7;
/* Open files for replay */
/* Open files for replay, applying replay filter for the -f flag. */
for (idx = 0; idx < IOFD_MAX; idx++) {
/* Don't support replaying input. */
if (idx == IOFD_STDIN || idx == IOFD_TTYIN)
continue;
io_fds[idx].v = open_io_fd(path, plen, io_fnames[idx]);
if (io_fds[idx].v == NULL)
error(1, "unable to open %s", path);
if (ISSET(replay_filter, 1 << idx) || idx == IOFD_TIMING) {
io_fds[idx].v = open_io_fd(path, plen, io_fnames[idx]);
if (io_fds[idx].v == NULL)
error(1, "unable to open %s", path);
}
}
/* Read log file. */
@@ -352,12 +369,11 @@ main(int argc, char *argv[])
to_wait = max_wait;
delay(to_wait);
/* We don't replay input (but we still have to delay). */
if (idx == IOFD_STDIN || idx == IOFD_TTYIN)
/* Even if we are not relaying, we still have to delay. */
if (io_fds[idx].v == NULL)
continue;
/* All output is sent to stdout. */
/* XXX - add flags to allow use to select which ones */
while (nbytes != 0) {
if (nbytes > sizeof(buf))
len = sizeof(buf);
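Review bot: In the `case 'f':` branch of the getopt loop, the invalid-token error prints `optarg`, but strtok() has already replaced the first comma with a NUL by then, so `-f stdout,bogus` would report `stdout` as the invalid option instead of the token that failed; pass the current token, `errorx(1, "invalid filter option: %s", cp);`. An argument that yields no tokens (empty, or only commas) leaves `replay_filter` at 0, and as far as these hunks show the session then runs through its delays with no output and no diagnostic, which someone auditing a log could misread as a session that produced nothing; rejecting a zero filter right after the loop would avoid that. In the last hunk the new comment says "relaying" where "replaying" looks intended. main() begins and ends outside these hunks.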