mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

Rename iolog_client -> log_client.

Browse Source 
The logsrvd client code is now used for more than just I/O logging.
This commit is contained in:
Todd C. Miller 2020-11-09 17:13:04 -07:00
parent 2112d9beb1
commit 62547746d3
10 changed files with 67 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
MANIFEST
View File

@ -503,7 +503,6 @@ plugins/sudoers/insults.h
plugins/sudoers/interfaces.c
plugins/sudoers/interfaces.h
plugins/sudoers/iolog.c
plugins/sudoers/iolog_client.c
plugins/sudoers/iolog_path_escapes.c
plugins/sudoers/iolog_plugin.h
plugins/sudoers/ldap.c
@ -512,6 +511,7 @@ plugins/sudoers/ldap_util.c
plugins/sudoers/linux_audit.c
plugins/sudoers/linux_audit.h
plugins/sudoers/locale.c
plugins/sudoers/log_client.c
plugins/sudoers/logging.c
plugins/sudoers/logging.h
plugins/sudoers/match.c

5
config.h.in
View File

@ -1189,9 +1189,8 @@
/* Define to 1 if the code in interfaces.c does not compile for you. */
#undef STUB_LOAD_INTERFACES
/* Define to 1 to compile support for sudo_logsrvd in the sudoers I/O log
plugin. */
#undef SUDOERS_IOLOG_CLIENT
/* Define to 1 to compile support for sudo_logsrvd in the sudoers plugin. */
#undef SUDOERS_LOG_CLIENT
/* An instance string to append to the username (separated by a slash) for
Kerberos V authentication. */

4
configure vendored
View File

@ -6764,7 +6764,7 @@ fi
if test "${enable_log_client+set}" = set; then :
enableval=$enable_log_client; case "$enableval" in
yes)
$as_echo "#define SUDOERS_IOLOG_CLIENT 1" >>confdefs.h
$as_echo "#define SUDOERS_LOG_CLIENT 1" >>confdefs.h
;;
no)
@ -6775,7 +6775,7 @@ $as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-client: $en
esac
else
$as_echo "#define SUDOERS_IOLOG_CLIENT 1" >>confdefs.h
$as_echo "#define SUDOERS_LOG_CLIENT 1" >>confdefs.h
fi

6
configure.ac
View File

@ -1657,14 +1657,14 @@ AC_ARG_ENABLE(log-client,
[AS_HELP_STRING([--disable-log-client], [Disable sudoers support for using the sudo_logsrvd log server.])],
[ case "$enableval" in
yes)
AC_DEFINE([SUDOERS_IOLOG_CLIENT])
AC_DEFINE([SUDOERS_LOG_CLIENT])
;;
no)
;;
*) AC_MSG_WARN([Ignoring unknown argument to --enable-log-client: $enableval])
;;
esac
], [AC_DEFINE([SUDOERS_IOLOG_CLIENT])])
], [AC_DEFINE([SUDOERS_LOG_CLIENT])])
if test X"$enable_log_server" = X"no" -a X"$enable_log_client" = X"no"; then
# No need for liblogsrv.la
@ -4964,7 +4964,7 @@ AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-
AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.])
AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.])
AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.])
AH_TEMPLATE(SUDOERS_IOLOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers I/O log plugin.])
AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.])
AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.])
dnl

68
plugins/sudoers/Makefile.in
View File

@ -171,7 +171,7 @@ LIBPARSESUDOERS_IOBJS = $(LIBPARSESUDOERS_OBJS:.lo=.i) passwd.i
SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo editor.lo env.lo \
env_pattern.lo file.lo find_path.lo fmtsudoers.lo gc.lo \
goodpath.lo group_plugin.lo interfaces.lo iolog.lo \
iolog_path_escapes.lo locale.lo iolog_client.lo logging.lo \
iolog_path_escapes.lo locale.lo log_client.lo logging.lo \
parse.lo policy.lo prompt.lo set_perms.lo starttime.lo \
sudo_nss.lo sudoers.lo timestamp.lo @SUDOERS_OBJS@
@ -221,7 +221,7 @@ CHECK_GENTIME_OBJS = check_gentime.o gentime.lo gmtoff.lo sudoers_debug.lo
CHECK_HEXCHAR_OBJS = check_hexchar.o hexchar.lo sudoers_debug.lo
CHECK_IOLOG_PLUGIN_OBJS = check_iolog_plugin.o iolog.lo iolog_client.lo \
CHECK_IOLOG_PLUGIN_OBJS = check_iolog_plugin.o iolog.lo log_client.lo \
locale.lo pwutil.lo pwutil_impl.lo redblack.lo \
strlist.lo sudoers_debug.lo
@ -1614,38 +1614,6 @@ iolog.i: $(srcdir)/iolog.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
$(CC) -E -o $@ $(CPPFLAGS) $<
iolog.plog: iolog.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog.c --i-file $< --output-file $@
iolog_client.lo: $(srcdir)/iolog_client.c $(devdir)/def_data.h \
$(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \
$(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \
$(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/iolog_client.c
iolog_client.i: $(srcdir)/iolog_client.c $(devdir)/def_data.h \
$(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \
$(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \
$(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
iolog_client.plog: iolog_client.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_client.c --i-file $< --output-file $@
iolog_path_escapes.lo: $(srcdir)/iolog_path_escapes.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
@ -1810,6 +1778,38 @@ locale.i: $(srcdir)/locale.c $(devdir)/def_data.h $(incdir)/compat/stdbool.h \
$(CC) -E -o $@ $(CPPFLAGS) $<
locale.plog: locale.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/locale.c --i-file $< --output-file $@
log_client.lo: $(srcdir)/log_client.c $(devdir)/def_data.h \
$(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \
$(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \
$(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/log_client.c
log_client.i: $(srcdir)/log_client.c $(devdir)/def_data.h \
$(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \
$(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \
$(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_event.h $(incdir)/sudo_eventlog.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
$(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
$(srcdir)/defaults.h $(srcdir)/iolog_plugin.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/strlist.h \
$(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \
$(srcdir)/sudoers_debug.h $(top_builddir)/config.h \
$(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
log_client.plog: log_client.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/log_client.c --i-file $< --output-file $@
logging.lo: $(srcdir)/logging.c $(devdir)/def_data.h \
$(incdir)/compat/getaddrinfo.h $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \

9
plugins/sudoers/audit.c
View File

@ -43,7 +43,7 @@
# include "solaris_audit.h"
#endif
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
static struct client_closure *client_closure = NULL;
static struct iolog_details audit_details;
#endif
@ -52,6 +52,9 @@ char *audit_msg = NULL;
/* sudoers_audit is declared at the end of this file. */
extern sudo_dso_public struct audit_plugin sudoers_audit;
/* XXX */
int iolog_deserialize_info(struct iolog_details *details, char * const user_info[], char * const command_info[], char * const argv[], char * const user_env[]);
static int
audit_success(char *const argv[])
{
@ -226,7 +229,7 @@ sudoers_audit_accept(const char *plugin_name, unsigned int plugin_type,
if (!log_allowed() && !def_ignore_logfile_errors)
ret = false;
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
/* XXX - move to function, maybe log_allowed()? */
if (!SLIST_EMPTY(&def_log_servers) && !def_log_input && !def_log_output) {
/* Send accept event to log server. */
@ -316,7 +319,7 @@ sudoers_audit_error(const char *plugin_name, unsigned int plugin_type,
void
sudoers_audit_close(int status_type, int status)
{
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
debug_decl(sudoers_audit_close, SUDOERS_DEBUG_PLUGIN);
if (client_closure != NULL) {

24
plugins/sudoers/iolog.c
View File

@ -64,7 +64,7 @@ static struct sudoers_io_operations {
const char **errstr);
} io_operations;
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
static struct client_closure *client_closure;
#endif
static struct iolog_details iolog_details;
@ -671,7 +671,7 @@ done:
debug_return_int(ret);
}
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
static int
sudoers_io_open_remote(struct timespec *now)
{
@ -685,7 +685,7 @@ sudoers_io_open_remote(struct timespec *now)
debug_return_int(-1);
}
#endif /* SUDOERS_IOLOG_CLIENT */
#endif /* SUDOERS_LOG_CLIENT */
static int
sudoers_io_open(unsigned int version, sudo_conv_t conversation,
@ -813,7 +813,7 @@ sudoers_io_close_local(int exit_status, int error, const char **errstr)
debug_return;
}
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
static void
sudoers_io_close_remote(int exit_status, int error, const char **errstr)
{
@ -910,7 +910,7 @@ done:
debug_return_int(ret);
}
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
/*
* Schedule an I/O log entry to be written to the log server.
* Returns 1 on success and -1 on error.
@ -959,7 +959,7 @@ sudoers_io_log_remote(int event, const char *buf, unsigned int len,
done:
debug_return_int(ret);
}
#endif /* SUDOERS_IOLOG_CLIENT */
#endif /* SUDOERS_LOG_CLIENT */
/*
* Generic I/O logging function. Called by the I/O logging entry points.
@ -1068,7 +1068,7 @@ done:
debug_return_int(ret);
}
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
static int
sudoers_io_change_winsize_remote(unsigned int lines, unsigned int cols,
struct timespec *delay, const char **errstr)
@ -1091,7 +1091,7 @@ sudoers_io_change_winsize_remote(unsigned int lines, unsigned int cols,
debug_return_int(ret);
}
#endif /* SUDOERS_IOLOG_CLIENT */
#endif /* SUDOERS_LOG_CLIENT */
static int
sudoers_io_change_winsize(unsigned int lines, unsigned int cols, const char **errstr)
@ -1166,7 +1166,7 @@ done:
debug_return_int(ret);
}
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
static int
sudoers_io_suspend_remote(const char *signame, struct timespec *delay,
const char **errstr)
@ -1189,7 +1189,7 @@ sudoers_io_suspend_remote(const char *signame, struct timespec *delay,
debug_return_int(ret);
}
#endif /* SUDOERS_IOLOG_CLIENT */
#endif /* SUDOERS_LOG_CLIENT */
static int
sudoers_io_suspend(int signo, const char **errstr)
@ -1253,7 +1253,7 @@ sudoers_io_setops(void)
{
debug_decl(sudoers_io_setops, SUDOERS_DEBUG_PLUGIN);
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
if (sudoers_io.event_alloc != NULL && iolog_details.log_servers != NULL) {
io_operations.open = sudoers_io_open_remote;
io_operations.close = sudoers_io_close_remote;
@ -1261,7 +1261,7 @@ sudoers_io_setops(void)
io_operations.change_winsize = sudoers_io_change_winsize_remote;
io_operations.suspend = sudoers_io_suspend_remote;
} else
#endif /* SUDOERS_IOLOG_CLIENT */
#endif /* SUDOERS_LOG_CLIENT */
{
io_operations.open = sudoers_io_open_local;
io_operations.close = sudoers_io_close_local;

6
plugins/sudoers/iolog_plugin.h
View File

@ -16,8 +16,8 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef SUDOERS_IOLOG_CLIENT_H
#define SUDOERS_IOLOG_CLIENT_H
#ifndef SUDOERS_LOG_CLIENT_H
#define SUDOERS_LOG_CLIENT_H
#if defined(HAVE_OPENSSL)
# include <openssl/ssl.h>
@ -117,4 +117,4 @@ bool log_server_connect(struct client_closure *closure);
void client_closure_free(struct client_closure *closure);
bool read_server_hello(struct client_closure *closure);
#endif /* SUDOERS_IOLOG_CLIENT_H */
#endif /* SUDOERS_LOG_CLIENT_H */

6
plugins/sudoers/iolog_client.c → plugins/sudoers/log_client.c
View File

@ -18,7 +18,7 @@
#include "config.h"
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
#include <sys/stat.h>
#include <sys/types.h>
@ -610,7 +610,7 @@ log_server_connect(struct client_closure *closure)
}
/*
* Free client closure and contents, including log details.
* Free client closure and contents, not including log details.
*/
void
client_closure_free(struct client_closure *closure)
@ -1892,4 +1892,4 @@ done:
debug_return_bool(ret);
}
#endif /* SUDOERS_IOLOG_CLIENT */
#endif /* SUDOERS_LOG_CLIENT */

2
plugins/sudoers/sudoers.c
View File

@ -107,7 +107,7 @@ static struct rlimit nproclimit;
int NewArgc;
char **NewArgv;
#ifdef SUDOERS_IOLOG_CLIENT
#ifdef SUDOERS_LOG_CLIENT
# define remote_iologs (!SLIST_EMPTY(&def_log_servers))
#else
# define remote_iologs 0