From 62547746d38a61bfca25c07e637114a2f3b463cb Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Mon, 9 Nov 2020 17:13:04 -0700 Subject: [PATCH] Rename iolog_client -> log_client. The logsrvd client code is now used for more than just I/O logging. --- MANIFEST | 2 +- config.h.in | 5 +- configure | 4 +- configure.ac | 6 +- plugins/sudoers/Makefile.in | 68 +++++++++---------- plugins/sudoers/audit.c | 9 ++- plugins/sudoers/iolog.c | 24 +++---- plugins/sudoers/iolog_plugin.h | 6 +- .../sudoers/{iolog_client.c => log_client.c} | 6 +- plugins/sudoers/sudoers.c | 2 +- 10 files changed, 67 insertions(+), 65 deletions(-) rename plugins/sudoers/{iolog_client.c => log_client.c} (99%) diff --git a/MANIFEST b/MANIFEST index c5a72b8d2..ae56c25b0 100644 --- a/MANIFEST +++ b/MANIFEST @@ -503,7 +503,6 @@ plugins/sudoers/insults.h plugins/sudoers/interfaces.c plugins/sudoers/interfaces.h plugins/sudoers/iolog.c -plugins/sudoers/iolog_client.c plugins/sudoers/iolog_path_escapes.c plugins/sudoers/iolog_plugin.h plugins/sudoers/ldap.c @@ -512,6 +511,7 @@ plugins/sudoers/ldap_util.c plugins/sudoers/linux_audit.c plugins/sudoers/linux_audit.h plugins/sudoers/locale.c +plugins/sudoers/log_client.c plugins/sudoers/logging.c plugins/sudoers/logging.h plugins/sudoers/match.c diff --git a/config.h.in b/config.h.in index 5ed4b5222..d8df9dd6b 100644 --- a/config.h.in +++ b/config.h.in @@ -1189,9 +1189,8 @@ /* Define to 1 if the code in interfaces.c does not compile for you. */ #undef STUB_LOAD_INTERFACES -/* Define to 1 to compile support for sudo_logsrvd in the sudoers I/O log - plugin. */ -#undef SUDOERS_IOLOG_CLIENT +/* Define to 1 to compile support for sudo_logsrvd in the sudoers plugin. */ +#undef SUDOERS_LOG_CLIENT /* An instance string to append to the username (separated by a slash) for Kerberos V authentication. */ diff --git a/configure b/configure index f5428e276..d02128a10 100755 --- a/configure +++ b/configure 
@@ -6764,7 +6764,7 @@ fi if test "${enable_log_client+set}" = set; then : enableval=$enable_log_client; case "$enableval" in yes) - $as_echo "#define SUDOERS_IOLOG_CLIENT 1" >>confdefs.h + $as_echo "#define SUDOERS_LOG_CLIENT 1" >>confdefs.h ;; no) @@ -6775,7 +6775,7 @@ $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-client: $en esac else - $as_echo "#define SUDOERS_IOLOG_CLIENT 1" >>confdefs.h + $as_echo "#define SUDOERS_LOG_CLIENT 1" >>confdefs.h fi diff --git a/configure.ac b/configure.ac index 8d481ca72..fe942827d 100644 --- a/configure.ac +++ b/configure.ac @@ -1657,14 +1657,14 @@ AC_ARG_ENABLE(log-client, [AS_HELP_STRING([--disable-log-client], [Disable sudoers support for using the sudo_logsrvd log server.])], [ case "$enableval" in yes) - AC_DEFINE([SUDOERS_IOLOG_CLIENT]) + AC_DEFINE([SUDOERS_LOG_CLIENT]) ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --enable-log-client: $enableval]) ;; esac -], [AC_DEFINE([SUDOERS_IOLOG_CLIENT])]) +], [AC_DEFINE([SUDOERS_LOG_CLIENT])]) if test X"$enable_log_server" = X"no" -a X"$enable_log_client" = X"no"; then # No need for liblogsrv.la @@ -4964,7 +4964,7 @@ AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD- AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.]) AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.]) AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.]) -AH_TEMPLATE(SUDOERS_IOLOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers I/O log plugin.]) +AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.]) AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.]) dnl diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 3ac3f5349..b310a72ea 100644 
--- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in @@ -171,7 +171,7 @@ LIBPARSESUDOERS_IOBJS = $(LIBPARSESUDOERS_OBJS:.lo=.i) passwd.i SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo editor.lo env.lo \ env_pattern.lo file.lo find_path.lo fmtsudoers.lo gc.lo \ goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ - iolog_path_escapes.lo locale.lo iolog_client.lo logging.lo \ + iolog_path_escapes.lo locale.lo log_client.lo logging.lo \ parse.lo policy.lo prompt.lo set_perms.lo starttime.lo \ sudo_nss.lo sudoers.lo timestamp.lo @SUDOERS_OBJS@ @@ -221,7 +221,7 @@ CHECK_GENTIME_OBJS = check_gentime.o gentime.lo gmtoff.lo sudoers_debug.lo CHECK_HEXCHAR_OBJS = check_hexchar.o hexchar.lo sudoers_debug.lo -CHECK_IOLOG_PLUGIN_OBJS = check_iolog_plugin.o iolog.lo iolog_client.lo \ +CHECK_IOLOG_PLUGIN_OBJS = check_iolog_plugin.o iolog.lo log_client.lo \ locale.lo pwutil.lo pwutil_impl.lo redblack.lo \ strlist.lo sudoers_debug.lo 
@@ -1614,38 +1614,6 @@ iolog.i: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(CC) -E -o $@ $(CPPFLAGS) $< iolog.plog: iolog.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog.c --i-file $< --output-file $@ -iolog_client.lo: $(srcdir)/iolog_client.c $(devdir)/def_data.h \ - $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ - $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ - $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_client.c -iolog_client.i: $(srcdir)/iolog_client.c $(devdir)/def_data.h \ - $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ - $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ - $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ - $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ - $(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \ - $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ - $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ - $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ - $(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \ - $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ - $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h - $(CC) -E -o $@ $(CPPFLAGS) $< -iolog_client.plog: iolog_client.i - rm -f $@; 
pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_client.c --i-file $< --output-file $@ iolog_path_escapes.lo: $(srcdir)/iolog_path_escapes.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ 
@@ -1810,6 +1778,38 @@ locale.i: $(srcdir)/locale.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \ $(CC) -E -o $@ $(CPPFLAGS) $< locale.plog: locale.i rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/locale.c --i-file $< --output-file $@ +log_client.lo: $(srcdir)/log_client.c $(devdir)/def_data.h \ + $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/log_client.c +log_client.i: $(srcdir)/log_client.c $(devdir)/def_data.h \ + $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ + $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \ + $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \ + $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ + $(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \ + $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ + $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \ + $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \ + $(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \ + $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \ + $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h + $(CC) -E -o $@ $(CPPFLAGS) $< +log_client.plog: log_client.i + rm -f $@; pvs-studio 
--cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/log_client.c --i-file $< --output-file $@ logging.lo: $(srcdir)/logging.c $(devdir)/def_data.h \ $(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ diff --git a/plugins/sudoers/audit.c b/plugins/sudoers/audit.c index 340d15f9e..5caf885df 100644 --- a/plugins/sudoers/audit.c +++ b/plugins/sudoers/audit.c @@ -43,7 +43,7 @@ # include "solaris_audit.h" #endif -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT static struct client_closure *client_closure = NULL; static struct iolog_details audit_details; #endif @@ -52,6 +52,9 @@ char *audit_msg = NULL; /* sudoers_audit is declared at the end of this file. */ extern sudo_dso_public struct audit_plugin sudoers_audit; +/* XXX */ +int iolog_deserialize_info(struct iolog_details *details, char * const user_info[], char * const command_info[], char * const argv[], char * const user_env[]); + static int audit_success(char *const argv[]) { @@ -226,7 +229,7 @@ sudoers_audit_accept(const char *plugin_name, unsigned int plugin_type, if (!log_allowed() && !def_ignore_logfile_errors) ret = false; -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT /* XXX - move to function, maybe log_allowed()? */ if (!SLIST_EMPTY(&def_log_servers) && !def_log_input && !def_log_output) { /* Send accept event to log server. */ @@ -316,7 +319,7 @@ sudoers_audit_error(const char *plugin_name, unsigned int plugin_type, void sudoers_audit_close(int status_type, int status) { -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT debug_decl(sudoers_audit_close, SUDOERS_DEBUG_PLUGIN); if (client_closure != NULL) { diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index bdb4f34ae..37a3fd08b 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c 
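Review bot: The prototype for `iolog_deserialize_info` added to audit.c in the `@@ -52,6 +52,9 @@` hunk is a file-local copy marked only `/* XXX */`, so nothing ties it to the definition. If the definition's parameter list changes, this translation unit still compiles and the call has undefined behaviour. The definition is not on this page (presumably it lives in iolog.c), so this is inferred from the declaration alone. I would move the declaration into a header that both files include, for instance iolog_plugin.h next to `client_closure_free`, and until then replace the marker with `/* XXX - move to iolog_plugin.h so the definition is checked against this prototype */`. The declaration also sits outside the `#ifdef SUDOERS_LOG_CLIENT` block a few lines above it; if its only caller is the guarded accept path, it belongs inside that guard.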
@@ -64,7 +64,7 @@ static struct sudoers_io_operations { const char **errstr); } io_operations; -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT static struct client_closure *client_closure; #endif static struct iolog_details iolog_details; @@ -671,7 +671,7 @@ done: debug_return_int(ret); } -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT static int sudoers_io_open_remote(struct timespec *now) { @@ -685,7 +685,7 @@ sudoers_io_open_remote(struct timespec *now) debug_return_int(-1); } -#endif /* SUDOERS_IOLOG_CLIENT */ +#endif /* SUDOERS_LOG_CLIENT */ static int sudoers_io_open(unsigned int version, sudo_conv_t conversation, @@ -813,7 +813,7 @@ sudoers_io_close_local(int exit_status, int error, const char **errstr) debug_return; } -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT static void sudoers_io_close_remote(int exit_status, int error, const char **errstr) { @@ -910,7 +910,7 @@ done: debug_return_int(ret); } -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT /* * Schedule an I/O log entry to be written to the log server. * Returns 1 on success and -1 on error. @@ -959,7 +959,7 @@ sudoers_io_log_remote(int event, const char *buf, unsigned int len, done: debug_return_int(ret); } -#endif /* SUDOERS_IOLOG_CLIENT */ +#endif /* SUDOERS_LOG_CLIENT */ /* * Generic I/O logging function. Called by the I/O logging entry points. @@ -1068,7 +1068,7 @@ done: debug_return_int(ret); } -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT static int sudoers_io_change_winsize_remote(unsigned int lines, unsigned int cols, struct timespec *delay, const char **errstr) @@ -1091,7 +1091,7 @@ sudoers_io_change_winsize_remote(unsigned int lines, unsigned int cols, debug_return_int(ret); } -#endif /* SUDOERS_IOLOG_CLIENT */ +#endif /* SUDOERS_LOG_CLIENT */ static int sudoers_io_change_winsize(unsigned int lines, unsigned int cols, const char **errstr) 
@@ -1166,7 +1166,7 @@ done: debug_return_int(ret); } -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT static int sudoers_io_suspend_remote(const char *signame, struct timespec *delay, const char **errstr) @@ -1189,7 +1189,7 @@ sudoers_io_suspend_remote(const char *signame, struct timespec *delay, debug_return_int(ret); } -#endif /* SUDOERS_IOLOG_CLIENT */ +#endif /* SUDOERS_LOG_CLIENT */ static int sudoers_io_suspend(int signo, const char **errstr) @@ -1253,7 +1253,7 @@ sudoers_io_setops(void) { debug_decl(sudoers_io_setops, SUDOERS_DEBUG_PLUGIN); -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT if (sudoers_io.event_alloc != NULL && iolog_details.log_servers != NULL) { io_operations.open = sudoers_io_open_remote; io_operations.close = sudoers_io_close_remote; @@ -1261,7 +1261,7 @@ sudoers_io_setops(void) io_operations.change_winsize = sudoers_io_change_winsize_remote; io_operations.suspend = sudoers_io_suspend_remote; } else -#endif /* SUDOERS_IOLOG_CLIENT */ +#endif /* SUDOERS_LOG_CLIENT */ { io_operations.open = sudoers_io_open_local; io_operations.close = sudoers_io_close_local; diff --git a/plugins/sudoers/iolog_plugin.h b/plugins/sudoers/iolog_plugin.h index 3d11588d9..13ff05b29 100644 --- a/plugins/sudoers/iolog_plugin.h +++ b/plugins/sudoers/iolog_plugin.h @@ -16,8 +16,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef SUDOERS_IOLOG_CLIENT_H -#define SUDOERS_IOLOG_CLIENT_H +#ifndef SUDOERS_LOG_CLIENT_H +#define SUDOERS_LOG_CLIENT_H #if defined(HAVE_OPENSSL) # include @@ -117,4 +117,4 @@ bool log_server_connect(struct client_closure *closure); void client_closure_free(struct client_closure *closure); bool read_server_hello(struct client_closure *closure); -#endif /* SUDOERS_IOLOG_CLIENT_H */ +#endif /* SUDOERS_LOG_CLIENT_H */ 
diff --git a/plugins/sudoers/iolog_client.c b/plugins/sudoers/log_client.c similarity index 99% rename from plugins/sudoers/iolog_client.c rename to plugins/sudoers/log_client.c index 3d50bc963..97e6ae203 100644 --- a/plugins/sudoers/iolog_client.c +++ b/plugins/sudoers/log_client.c @@ -18,7 +18,7 @@ #include "config.h" -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT #include #include @@ -610,7 +610,7 @@ log_server_connect(struct client_closure *closure) } /* - * Free client closure and contents, including log details. + * Free client closure and contents, not including log details. */ void client_closure_free(struct client_closure *closure) @@ -1892,4 +1892,4 @@ done: debug_return_bool(ret); } -#endif /* SUDOERS_IOLOG_CLIENT */ +#endif /* SUDOERS_LOG_CLIENT */ diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c index 63b15d9fb..6861722cb 100644 --- a/plugins/sudoers/sudoers.c +++ b/plugins/sudoers/sudoers.c @@ -107,7 +107,7 @@ static struct rlimit nproclimit; int NewArgc; char **NewArgv; -#ifdef SUDOERS_IOLOG_CLIENT +#ifdef SUDOERS_LOG_CLIENT # define remote_iologs (!SLIST_EMPTY(&def_log_servers)) #else # define remote_iologs 0
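Review bot: The reworded comment on `client_closure_free` in log_client.c (hunk `@@ -610,7 +610,7 @@`) reverses the documented ownership of the log details, yet no code line in that hunk changes and the function body lies outside it. The page therefore does not show whether the behaviour changed in this commit or the old comment was already wrong. Callers need to know who releases the `struct iolog_details`; audit.c and iolog.c each keep a static instance, which suggests the caller owns it, but that is inferred. I would spell the contract out, e.g. `* Free client closure and contents. The log details are owned by the caller and are not freed here.`, and mention the change in the commit message, since the subject describes only a rename.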