From 39b540ff33564506c920cddb9da8d51dcc408839 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Mon, 26 Oct 2020 16:10:40 -0600
Subject: [PATCH] Log the short version of the tty in sudoers-format logs. This
 is consistent with historical practice.

---
 lib/eventlog/eventlog.c   | 16 +++++++++++-----
 plugins/sudoers/logging.c |  3 +--
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/lib/eventlog/eventlog.c b/lib/eventlog/eventlog.c
index ebdb8fa98..5a4e782a0 100644
--- a/lib/eventlog/eventlog.c
+++ b/lib/eventlog/eventlog.c
@@ -87,8 +87,8 @@ new_logline(int flags, const char *message, const char *errstr,
 {
     char *line = NULL, *evstr = NULL;
     const char *iolog_file = details->iolog_file;
+    const char *tty, *tsid = NULL;
     char sessid[7];
-    const char *tsid = NULL;
     size_t len = 0;
     int i;
     debug_decl(new_logline, SUDO_DEBUG_UTIL);
@@ -120,6 +120,12 @@ new_logline(int flags, const char *message, const char *errstr,
 	}
     }
 
+    /* Sudo-format logs use the short form of the ttyname. */
+    if ((tty = details->ttyname) != NULL) {
+	if (strncmp(tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
+	    tty += sizeof(_PATH_DEV) - 1;
+    }
+
     /*
      * Compute line length
      */
@@ -129,8 +135,8 @@ new_logline(int flags, const char *message, const char *errstr,
 	len += strlen(errstr) + 3;
     if (details->submithost != NULL && !evl_conf.omit_hostname)
 	len += sizeof(LL_HOST_STR) + 2 + strlen(details->submithost);
-    if (details->ttyname != NULL)
-	len += sizeof(LL_TTY_STR) + 2 + strlen(details->ttyname);
+    if (tty != NULL)
+	len += sizeof(LL_TTY_STR) + 2 + strlen(tty);
     if (details->runchroot != NULL)
 	len += sizeof(LL_CHROOT_STR) + 2 + strlen(details->runchroot);
     if (details->runcwd != NULL)
@@ -190,9 +196,9 @@ new_logline(int flags, const char *message, const char *errstr,
 	    strlcat(line, " ; ", len) >= len)
 	    goto toobig;
     }
-    if (details->ttyname != NULL) {
+    if (tty != NULL) {
 	if (strlcat(line, LL_TTY_STR, len) >= len ||
-	    strlcat(line, details->ttyname, len) >= len ||
+	    strlcat(line, tty, len) >= len ||
 	    strlcat(line, " ; ", len) >= len)
 	    goto toobig;
     }
diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
index 69766e749..14be28b77 100644
--- a/plugins/sudoers/logging.c
+++ b/plugins/sudoers/logging.c
@@ -490,8 +490,7 @@ sudoers_to_eventlog(struct eventlog *evlog)
     evlog->submithost = user_host;
     evlog->submituser = user_name;
     /* TODO - submitgroup */
-    /* XXX - use ttypath for JSON logs */
-    evlog->ttyname = user_tty;
+    evlog->ttyname = user_ttypath;
     evlog->argv = NewArgv;
     evlog->env_add = (char **)sudo_user.env_vars;
     evlog->envp = env_get();