mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-02 23:35:36 +00:00
Code Issues Releases Wiki Activity

Add syslog_maxlen to control the max size of syslog messages.

Browse Source
This commit is contained in:
Todd C. Miller
2016-10-18 15:51:47 -06:00
parent f632e0a63d
commit 44c2679f83
8 changed files with 110 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
doc/sudoers.cat
View File

@@ -1642,6 +1642,23 @@ SSUUDDOOEERRSS OOPPTTIIOONNSS
See _s_y_s_l_o_g___b_a_d_p_r_i for the list of supported syslog See _s_y_s_l_o_g___b_a_d_p_r_i for the list of supported syslog
priorities. priorities.
syslog_maxlen On many systems, syslog(3) has a relatively small log
buffer. IETF RFC 5424 states that syslog servers must
support messages of at least 480 bytes and should
support messages up to 2048 bytes. By default, ssuuddooeerrss
creates log messages up to 980 bytes which corresponds
to the historic BSD syslog implementation which used a
1024 byte buffer to store the message, date, hostname
and program name. To prevent syslog messages from
being truncated, ssuuddooeerrss will split up log messages
that are larger than _s_y_s_l_o_g___m_a_x_l_e_n bytes. When a
message is split, additional parts will include the
string ``(command continued)'' after the user name and
before the continued command line arguments.
This setting is only supported by version 1.8.19 or
higher.
sudoers_locale Locale to use when parsing the sudoers file, logging sudoers_locale Locale to use when parsing the sudoers file, logging
commands, and sending email. Note that changing the commands, and sending email. Note that changing the
locale may affect how sudoers is interpreted. Defaults locale may affect how sudoers is interpreted. Defaults
@@ -2027,15 +2044,13 @@ LLOOGG FFOORRMMAATT
NNootteess oonn llooggggiinngg vviiaa ssyysslloogg NNootteess oonn llooggggiinngg vviiaa ssyysslloogg
By default, ssuuddooeerrss logs messages via syslog(3). The _d_a_t_e, _h_o_s_t_n_a_m_e, and By default, ssuuddooeerrss logs messages via syslog(3). The _d_a_t_e, _h_o_s_t_n_a_m_e, and
_p_r_o_g_n_a_m_e fields are added by the syslog daemon, not ssuuddooeerrss itself. As _p_r_o_g_n_a_m_e fields are added by the system's ssyysslloogg() function, not ssuuddooeerrss
such, they may vary in format on different systems. itself. As such, they may vary in format on different systems.
On most systems, syslog(3) has a relatively small log buffer. To prevent The maximum size of syslog messages varies from system to system. The
the command line arguments from being truncated, ssuuddooeerrss will split up _s_y_s_l_o_g___m_a_x_l_e_n setting can be used to change the maximum syslog message
log messages that are larger than 960 characters (not including the date, size from the default value of 980 bytes. For more information, see the
hostname, and the string ``sudo''). When a message is split, additional description of _s_y_s_l_o_g___m_a_x_l_e_n.
parts will include the string ``(command continued)'' after the user name
and before the continued command line arguments.
NNootteess oonn llooggggiinngg ttoo aa ffiillee NNootteess oonn llooggggiinngg ttoo aa ffiillee
If the _l_o_g_f_i_l_e option is set, ssuuddooeerrss will log to a local file, such as If the _l_o_g_f_i_l_e option is set, ssuuddooeerrss will log to a local file, such as
@@ -2592,4 +2607,4 @@ DDIISSCCLLAAIIMMEERR
file distributed with ssuuddoo or https://www.sudo.ws/license.html for file distributed with ssuuddoo or https://www.sudo.ws/license.html for
complete details. complete details.
Sudo 1.8.18 August 31, 2016 Sudo 1.8.18 Sudo 1.8.18 October 18, 2016 Sudo 1.8.18

46
doc/sudoers.man.in
View File

@@ -21,7 +21,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.TH "SUDOERS" "5" "August 31, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDOERS" "5" "October 18, 2016" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@@ -3367,6 +3367,28 @@ See
\fIsyslog_badpri\fR \fIsyslog_badpri\fR
for the list of supported syslog priorities. for the list of supported syslog priorities.
.TP 18n .TP 18n
syslog_maxlen
On many systems,
syslog(3)
has a relatively small log buffer.
IETF RFC 5424 states that syslog servers must support messages of
at least 480 bytes and should support messages up to 2048 bytes.
By default,
\fBsudoers\fR
creates log messages up to 980 bytes which corresponds to the
historic BSD syslog implementation which used a 1024 byte buffer
to store the message, date, hostname and program name.
To prevent syslog messages from being truncated,
\fBsudoers\fR
will split up log messages that are larger than
\fIsyslog_maxlen\fR
bytes.
When a message is split, additional parts will include the string
\(Lq(command continued)\(Rq
after the user name and before the continued command line arguments.
.sp
This setting is only supported by version 1.8.19 or higher.
.TP 18n
sudoers_locale sudoers_locale
Locale to use when parsing the sudoers file, logging commands, and Locale to use when parsing the sudoers file, logging commands, and
sending email. sending email.
@@ -4121,22 +4143,20 @@ The
\fIhostname\fR, \fIhostname\fR,
and and
\fIprogname\fR \fIprogname\fR
fields are added by the syslog daemon, not fields are added by the system's
\fBsyslog\fR()
function, not
\fBsudoers\fR \fBsudoers\fR
itself. itself.
As such, they may vary in format on different systems. As such, they may vary in format on different systems.
.PP .PP
On most systems, The maximum size of syslog messages varies from system to system.
syslog(3) The
has a relatively small log buffer. \fIsyslog_maxlen\fR
To prevent the command line arguments from being truncated, setting can be used to change the maximum syslog message size
\fBsudoers\fR from the default value of 980 bytes.
will split up log messages that are larger than 960 characters For more information, see the description of
(not including the date, hostname, and the string \fIsyslog_maxlen\fR.
\(Lqsudo\(Rq).
When a message is split, additional parts will include the string
\(Lq(command continued)\(Rq
after the user name and before the continued command line arguments.
.SS "Notes on logging to a file" .SS "Notes on logging to a file"
If the If the
\fIlogfile\fR \fIlogfile\fR

47
doc/sudoers.mdoc.in
View File

@@ -19,7 +19,7 @@
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\" .\"
.Dd August 31, 2016 .Dd October 18, 2016
.Dt SUDOERS @mansectform@ .Dt SUDOERS @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@@ -3145,6 +3145,27 @@ Defaults to
See See
.Em syslog_badpri .Em syslog_badpri
for the list of supported syslog priorities. for the list of supported syslog priorities.
.It syslog_maxlen
On many systems,
.Xr syslog 3
has a relatively small log buffer.
IETF RFC 5424 states that syslog servers must support messages of
at least 480 bytes and should support messages up to 2048 bytes.
By default,
.Nm
creates log messages up to 980 bytes which corresponds to the
historic BSD syslog implementation which used a 1024 byte buffer
to store the message, date, hostname and program name.
To prevent syslog messages from being truncated,
.Nm
will split up log messages that are larger than
.Em syslog_maxlen
bytes.
When a message is split, additional parts will include the string
.Dq Pq command continued
after the user name and before the continued command line arguments.
.Pp
This setting is only supported by version 1.8.19 or higher.
.It sudoers_locale .It sudoers_locale
Locale to use when parsing the sudoers file, logging commands, and Locale to use when parsing the sudoers file, logging commands, and
sending email. sending email.
@@ -3824,22 +3845,20 @@ The
.Em hostname , .Em hostname ,
and and
.Em progname .Em progname
fields are added by the syslog daemon, not fields are added by the system's
.Nm sudoers .Fn syslog
function, not
.Nm
itself. itself.
As such, they may vary in format on different systems. As such, they may vary in format on different systems.
.Pp .Pp
On most systems, The maximum size of syslog messages varies from system to system.
.Xr syslog 3 The
has a relatively small log buffer. .Em syslog_maxlen
To prevent the command line arguments from being truncated, setting can be used to change the maximum syslog message size
.Nm from the default value of 980 bytes.
will split up log messages that are larger than 960 characters For more information, see the description of
(not including the date, hostname, and the string .Em syslog_maxlen .
.Dq sudo ) .
When a message is split, additional parts will include the string
.Dq Pq command continued
after the user name and before the continued command line arguments.
.Ss Notes on logging to a file .Ss Notes on logging to a file
If the If the
.Em logfile .Em logfile

4
plugins/sudoers/def_data.c
View File

@@ -418,6 +418,10 @@ struct sudo_defs_types sudo_defs_table[] = {
"match_group_by_gid", T_FLAG, "match_group_by_gid", T_FLAG,
N_("Resolve groups in sudoers and match on the group ID, not the name"), N_("Resolve groups in sudoers and match on the group ID, not the name"),
NULL, NULL,
}, {
"syslog_maxlen", T_UINT,
N_("Log entries larger than this value will be split into multiple syslog messages"),
NULL,
}, { }, {
NULL, 0, NULL NULL, 0, NULL
} }

2
plugins/sudoers/def_data.h
View File

@@ -196,6 +196,8 @@
#define def_ignore_logfile_errors (sudo_defs_table[I_IGNORE_LOGFILE_ERRORS].sd_un.flag) #define def_ignore_logfile_errors (sudo_defs_table[I_IGNORE_LOGFILE_ERRORS].sd_un.flag)
#define I_MATCH_GROUP_BY_GID 98 #define I_MATCH_GROUP_BY_GID 98
#define def_match_group_by_gid (sudo_defs_table[I_MATCH_GROUP_BY_GID].sd_un.flag) #define def_match_group_by_gid (sudo_defs_table[I_MATCH_GROUP_BY_GID].sd_un.flag)
#define I_SYSLOG_MAXLEN 99
#define def_syslog_maxlen (sudo_defs_table[I_SYSLOG_MAXLEN].sd_un.uival)
enum def_tuple { enum def_tuple {
never, never,

3
plugins/sudoers/def_data.in
View File

@@ -310,3 +310,6 @@ ignore_logfile_errors
match_group_by_gid match_group_by_gid
T_FLAG T_FLAG
"Resolve groups in sudoers and match on the group ID, not the name" "Resolve groups in sudoers and match on the group ID, not the name"
syslog_maxlen
T_UINT
"Log entries larger than this value will be split into multiple syslog messages"

1
plugins/sudoers/defaults.c
View File

@@ -559,6 +559,7 @@ init_defaults(void)
goto oom; goto oom;
def_set_utmp = true; def_set_utmp = true;
def_pam_setcred = true; def_pam_setcred = true;
def_syslog_maxlen = MAXSYSLOGLEN;
/* Reset the locale. */ /* Reset the locale. */
if (!firsttime) { if (!firsttime) {

14
plugins/sudoers/logging.c
View File

@@ -72,14 +72,18 @@ static char *new_logline(const char *, int);
static void static void
mysyslog(int pri, const char *fmt, ...) mysyslog(int pri, const char *fmt, ...)
{ {
char buf[MAXSYSLOGLEN+1]; char *buf;
va_list ap; va_list ap;
debug_decl(mysyslog, SUDOERS_DEBUG_LOGGING) debug_decl(mysyslog, SUDOERS_DEBUG_LOGGING)
va_start(ap, fmt); va_start(ap, fmt);
openlog("sudo", 0, def_syslog); openlog("sudo", 0, def_syslog);
vsnprintf(buf, sizeof(buf), fmt, ap); if (vasprintf(&buf, fmt, ap) == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
} else {
syslog(pri, "%s", buf); syslog(pri, "%s", buf);
free(buf);
}
va_end(ap); va_end(ap);
closelog(); closelog();
debug_return; debug_return;
@@ -87,7 +91,7 @@ mysyslog(int pri, const char *fmt, ...)
/* /*
* Log a message to syslog, pre-pending the username and splitting the * Log a message to syslog, pre-pending the username and splitting the
* message into parts if it is longer than MAXSYSLOGLEN. * message into parts if it is longer than syslog_maxlen.
*/ */
static void static void
do_syslog(int pri, char *msg) do_syslog(int pri, char *msg)
@@ -104,7 +108,7 @@ do_syslog(int pri, char *msg)
* Log the full line, breaking into multiple syslog(3) calls if necessary * Log the full line, breaking into multiple syslog(3) calls if necessary
*/ */
fmt = _("%8s : %s"); fmt = _("%8s : %s");
maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name)); maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(user_name));
for (p = msg; *p != '\0'; ) { for (p = msg; *p != '\0'; ) {
len = strlen(p); len = strlen(p);
if (len > maxlen) { if (len > maxlen) {
@@ -132,7 +136,7 @@ do_syslog(int pri, char *msg)
p += len; p += len;
} }
fmt = _("%8s : (command continued) %s"); fmt = _("%8s : (command continued) %s");
maxlen = MAXSYSLOGLEN - (strlen(fmt) - 5 + strlen(user_name)); maxlen = def_syslog_maxlen - (strlen(fmt) - 5 + strlen(user_name));
} }
sudoers_setlocale(oldlocale, NULL); sudoers_setlocale(oldlocale, NULL);