mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00

Add info_msgs to AlertMessage and populate it.

This lets us log eventlog info along with the alert if it is available.
Todd C. Miller 2020-11-09 17:15:11 -07:00
parent 62525dcc94
commit 9779009fae
9 changed files with 87 additions and 25 deletions


@ -16,7 +16,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.TH "SUDO_LOGSRV.PROTO" "@mansectform@" "May 4, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual" .TH "SUDO_LOGSRV.PROTO" "@mansectform@" "November 6, 2020" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
.nh .nh
.if n .ad l .if n .ad l
.SH "NAME" .SH "NAME"
@ -174,7 +174,6 @@ describing the user who submitted the command as well as the execution
environment of the command. environment of the command.
This information is used to generate an event log entry and may also be This information is used to generate an event log entry and may also be
used by server to determine where and how the I/O log is stored. used by server to determine where and how the I/O log is stored.
as choose the
.TP 8n .TP 8n
expect_iobufs expect_iobufs
Set to true if the server should expect Set to true if the server should expect
@ -326,6 +325,7 @@ or
message AlertMessage { message AlertMessage {
TimeSpec alert_time = 1; TimeSpec alert_time = 1;
string reason = 2; string reason = 2;
repeated InfoMessage info_msgs = 3;
} }
.RE .RE
.fi .fi
@ -341,6 +341,13 @@ The wall clock time when the alert occurred.
.TP 8n .TP 8n
reason reason
The reason for the alert. The reason for the alert.
.TP 8n
info_msgs
An optional array of
\fIInfoMessage\fR
describing the user who submitted the command as well as the execution
environment of the command.
This information is used to generate an event log entry.
.SS "IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf" .SS "IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf"
.nf .nf
.RS 0n .RS 0n
@ -599,7 +606,8 @@ If an
\fIabort\fR \fIabort\fR
message is received, the client should terminate the running command. message is received, the client should terminate the running command.
.SH "EVENT LOG VARIABLES" .SH "EVENT LOG VARIABLES"
\fIAcceptMessage\fR \fIAcceptMessage\fR,
\fIAlertMessage\fR
and and
\fIRejectMessage\fR \fIRejectMessage\fR
classes contain an array of classes contain an array of
@ -798,8 +806,9 @@ message ExitMessage {
/* Alert message, policy module-specific. */ /* Alert message, policy module-specific. */
message AlertMessage { message AlertMessage {
TimeSpec alert_time = 1; /* time alert message occurred */ TimeSpec alert_time = 1; /* time alert message occurred */
string reason = 2; /* description of policy violation */ string reason = 2; /* policy alert error string */
repeated InfoMessage info_msgs = 3; /* key,value event log data */
} }
/* Used to restart an existing I/O log on the server. */ /* Used to restart an existing I/O log on the server. */


@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd May 4, 2020 .Dd November 6, 2020
.Dt SUDO_LOGSRV.PROTO @mansectform@ .Dt SUDO_LOGSRV.PROTO @mansectform@
.Os Sudo @PACKAGE_VERSION@ .Os Sudo @PACKAGE_VERSION@
.Sh NAME .Sh NAME
@ -162,7 +162,6 @@ describing the user who submitted the command as well as the execution
environment of the command. environment of the command.
This information is used to generate an event log entry and may also be This information is used to generate an event log entry and may also be
used by server to determine where and how the I/O log is stored. used by server to determine where and how the I/O log is stored.
as choose the
.It expect_iobufs .It expect_iobufs
Set to true if the server should expect Set to true if the server should expect
.Em IoBuffer .Em IoBuffer
@ -303,6 +302,7 @@ or
message AlertMessage { message AlertMessage {
TimeSpec alert_time = 1; TimeSpec alert_time = 1;
string reason = 2; string reason = 2;
repeated InfoMessage info_msgs = 3;
} }
.Ed .Ed
.Pp .Pp
@ -316,6 +316,12 @@ It contains the following members:
The wall clock time when the alert occurred. The wall clock time when the alert occurred.
.It reason .It reason
The reason for the alert. The reason for the alert.
.It info_msgs
An optional array of
.Em InfoMessage
describing the user who submitted the command as well as the execution
environment of the command.
This information is used to generate an event log entry.
.El .El
.Ss IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf .Ss IoBuffer ttyin_buf | ttyout_buf | stdin_buf | stdout_buf | stderr_buf
.Bd -literal .Bd -literal
@ -552,7 +558,8 @@ If an
.Em abort .Em abort
message is received, the client should terminate the running command. message is received, the client should terminate the running command.
.Sh EVENT LOG VARIABLES .Sh EVENT LOG VARIABLES
.Em AcceptMessage .Em AcceptMessage ,
.Em AlertMessage
and and
.Em RejectMessage .Em RejectMessage
classes contain an array of classes contain an array of
@ -718,8 +725,9 @@ message ExitMessage {
/* Alert message, policy module-specific. */ /* Alert message, policy module-specific. */
message AlertMessage { message AlertMessage {
TimeSpec alert_time = 1; /* time alert message occurred */ TimeSpec alert_time = 1; /* time alert message occurred */
string reason = 2; /* description of policy violation */ string reason = 2; /* policy alert error string */
repeated InfoMessage info_msgs = 3; /* key,value event log data */
} }
/* Used to restart an existing I/O log on the server. */ /* Used to restart an existing I/O log on the server. */


@ -270,13 +270,18 @@ struct _AlertMessage
*/ */
TimeSpec *alert_time; TimeSpec *alert_time;
/* /*
* description of policy violation * policy alert error string
*/ */
char *reason; char *reason;
/*
* optional key,value event log data
*/
size_t n_info_msgs;
InfoMessage **info_msgs;
}; };
#define ALERT_MESSAGE__INIT \ #define ALERT_MESSAGE__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&alert_message__descriptor) \ { PROTOBUF_C_MESSAGE_INIT (&alert_message__descriptor) \
, NULL, (char *)protobuf_c_empty_string } , NULL, (char *)protobuf_c_empty_string, 0,NULL }
/* /*


@ -1026,11 +1026,13 @@ do_syslog(int event_type, int flags, const char *reason, const char *errstr,
} }
static bool static bool
do_logfile_sudo(const char *logline, const struct eventlog *evlog) do_logfile_sudo(const char *logline, const struct eventlog *evlog,
const struct timespec *event_time)
{ {
char *full_line, timebuf[8192], *timestr = NULL;
const char *timefmt = evl_conf.time_fmt; const char *timefmt = evl_conf.time_fmt;
const char *logfile = evl_conf.logpath; const char *logfile = evl_conf.logpath;
char *full_line, timebuf[8192], *timestr = NULL; time_t tv_sec = event_time->tv_sec;
struct tm *timeptr; struct tm *timeptr;
bool ret = false; bool ret = false;
FILE *fp; FILE *fp;
@ -1046,7 +1048,7 @@ do_logfile_sudo(const char *logline, const struct eventlog *evlog)
goto done; goto done;
} }
if ((timeptr = localtime(&evlog->submit_time.tv_sec)) != NULL) { if ((timeptr = localtime(&tv_sec)) != NULL) {
/* strftime() does not guarantee to NUL-terminate so we must check. */ /* strftime() does not guarantee to NUL-terminate so we must check. */
timebuf[sizeof(timebuf) - 1] = '\0'; timebuf[sizeof(timebuf) - 1] = '\0';
if (strftime(timebuf, sizeof(timebuf), timefmt, timeptr) != 0 && if (strftime(timebuf, sizeof(timebuf), timefmt, timeptr) != 0 &&
@ -1161,7 +1163,7 @@ do_logfile(int event_type, int flags, const char *reason, const char *errstr,
switch (evl_conf.format) { switch (evl_conf.format) {
case EVLOG_SUDO: case EVLOG_SUDO:
ret = do_logfile_sudo(logline ? logline : reason, evlog); ret = do_logfile_sudo(logline ? logline : reason, evlog, event_time);
break; break;
case EVLOG_JSON: case EVLOG_JSON:
ret = do_logfile_json(event_type, reason, errstr, evlog, ret = do_logfile_json(event_type, reason, errstr, evlog,
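Review bot: `time_t tv_sec = event_time->tv_sec;` in do_logfile_sudo() dereferences the new event_time parameter in its declaration, before any check, so a caller that reaches do_logfile() without a timestamp would crash the logger instead of writing the entry. The hunks do not show whether every caller supplies one. If that is a guaranteed invariant, state it above the function, for example `/* event_time must not be NULL; it replaces evlog->submit_time as the log line timestamp. */`; otherwise have do_logfile() reject a NULL event_time before the format switch. The body of do_logfile_sudo() continues outside the hunks shown.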


@ -1329,7 +1329,7 @@ const ProtobufCMessageDescriptor exit_message__descriptor =
(ProtobufCMessageInit) exit_message__init, (ProtobufCMessageInit) exit_message__init,
NULL,NULL,NULL /* reserved[123] */ NULL,NULL,NULL /* reserved[123] */
}; };
static const ProtobufCFieldDescriptor alert_message__field_descriptors[2] = static const ProtobufCFieldDescriptor alert_message__field_descriptors[3] =
{ {
{ {
"alert_time", "alert_time",
@ -1355,15 +1355,28 @@ static const ProtobufCFieldDescriptor alert_message__field_descriptors[2] =
0, /* flags */ 0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */ 0,NULL,NULL /* reserved1,reserved2, etc */
}, },
{
"info_msgs",
3,
PROTOBUF_C_LABEL_REPEATED,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(AlertMessage, n_info_msgs),
offsetof(AlertMessage, info_msgs),
&info_message__descriptor,
NULL,
0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */
},
}; };
static const unsigned alert_message__field_indices_by_name[] = { static const unsigned alert_message__field_indices_by_name[] = {
0, /* field[0] = alert_time */ 0, /* field[0] = alert_time */
2, /* field[2] = info_msgs */
1, /* field[1] = reason */ 1, /* field[1] = reason */
}; };
static const ProtobufCIntRange alert_message__number_ranges[1 + 1] = static const ProtobufCIntRange alert_message__number_ranges[1 + 1] =
{ {
{ 1, 0 }, { 1, 0 },
{ 0, 2 } { 0, 3 }
}; };
const ProtobufCMessageDescriptor alert_message__descriptor = const ProtobufCMessageDescriptor alert_message__descriptor =
{ {
@ -1373,7 +1386,7 @@ const ProtobufCMessageDescriptor alert_message__descriptor =
"AlertMessage", "AlertMessage",
"", "",
sizeof(AlertMessage), sizeof(AlertMessage),
2, 3,
alert_message__field_descriptors, alert_message__field_descriptors,
alert_message__field_indices_by_name, alert_message__field_indices_by_name,
1, alert_message__number_ranges, 1, alert_message__number_ranges,


@ -84,8 +84,9 @@ message ExitMessage {
/* Alert message, policy module-specific. */ /* Alert message, policy module-specific. */
message AlertMessage { message AlertMessage {
TimeSpec alert_time = 1; /* time alert message occurred */ TimeSpec alert_time = 1; /* time alert message occurred */
string reason = 2; /* description of policy violation */ string reason = 2; /* policy alert error string */
repeated InfoMessage info_msgs = 3; /* optional key,value event log data */
} }
/* Used to restart an existing I/O log on the server. */ /* Used to restart an existing I/O log on the server. */


@ -125,8 +125,10 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen)
memset(evlog, 0, sizeof(*evlog)); memset(evlog, 0, sizeof(*evlog));
/* Submit time. */ /* Submit time. */
evlog->submit_time.tv_sec = submit_time->tv_sec; if (submit_time != NULL) {
evlog->submit_time.tv_nsec = submit_time->tv_nsec; evlog->submit_time.tv_sec = submit_time->tv_sec;
evlog->submit_time.tv_nsec = submit_time->tv_nsec;
}
/* Default values */ /* Default values */
evlog->lines = 24; evlog->lines = 24;
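Review bot: The new `if (submit_time != NULL)` branch in evlog_new() has no comment saying that a NULL submit time is now a supported input, and it silently leaves evlog->submit_time at the zero value from the memset above. That relaxation applies to every caller, so an AcceptMessage without submit_time would also be accepted here unless handle_accept() rejects it earlier, which this page does not show. I would add `/* submit_time is NULL for AlertMessage; the field stays zeroed and callers must use the alert time instead. */` above the check. evlog_new() continues past the end of the hunk.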


@ -300,7 +300,8 @@ handle_accept(AcceptMessage *msg, struct connection_closure *closure)
} }
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AcceptMessage", __func__); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AcceptMessage", __func__);
closure->evlog = evlog_new(msg->submit_time, msg->info_msgs, msg->n_info_msgs); closure->evlog = evlog_new(msg->submit_time, msg->info_msgs,
msg->n_info_msgs);
if (closure->evlog == NULL) { if (closure->evlog == NULL) {
closure->errstr = _("error parsing AcceptMessage"); closure->errstr = _("error parsing AcceptMessage");
debug_return_bool(false); debug_return_bool(false);
@ -486,6 +487,14 @@ handle_alert(AlertMessage *msg, struct connection_closure *closure)
} }
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AlertMessage", __func__); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: received AlertMessage", __func__);
if (msg->info_msgs != NULL && msg->n_info_msgs != 0) {
closure->evlog = evlog_new(NULL, msg->info_msgs, msg->n_info_msgs);
if (closure->evlog == NULL) {
closure->errstr = _("error parsing AlertMessage");
debug_return_bool(false);
}
}
alert_time.tv_sec = msg->alert_time->tv_sec; alert_time.tv_sec = msg->alert_time->tv_sec;
alert_time.tv_nsec = msg->alert_time->tv_nsec; alert_time.tv_nsec = msg->alert_time->tv_nsec;
if (!eventlog_alert(closure->evlog, 0, &alert_time, msg->reason, NULL)) { if (!eventlog_alert(closure->evlog, 0, &alert_time, msg->reason, NULL)) {
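Review bot: In handle_alert(), `closure->evlog = evlog_new(NULL, msg->info_msgs, msg->n_info_msgs);` overwrites whatever event log the connection already holds without releasing it. If an AcceptMessage or an earlier AlertMessage on the same connection already set closure->evlog (not visible in this hunk, so worth confirming), each further alert leaks the old object, and the number of alerts is controlled by the remote client. It also replaces the accepted session's details with client-supplied alert data that carries a zero submit time. Either release the previous log before reassigning, or only build one when none is attached, e.g. `if (closure->evlog == NULL && msg->info_msgs != NULL && msg->n_info_msgs != 0) {`. handle_alert() starts before and ends after the hunk.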


@ -1040,6 +1040,7 @@ fmt_alert_message(struct client_closure *closure)
AlertMessage alert_msg = ALERT_MESSAGE__INIT; AlertMessage alert_msg = ALERT_MESSAGE__INIT;
TimeSpec ts = TIME_SPEC__INIT; TimeSpec ts = TIME_SPEC__INIT;
struct timespec now; struct timespec now;
bool ret = false;
debug_decl(fmt_alert_message, SUDOERS_DEBUG_UTIL); debug_decl(fmt_alert_message, SUDOERS_DEBUG_UTIL);
/* /*
@ -1056,11 +1057,23 @@ fmt_alert_message(struct client_closure *closure)
/* Reason for the alert. */ /* Reason for the alert. */
alert_msg.reason = (char *)closure->reason; alert_msg.reason = (char *)closure->reason;
alert_msg.info_msgs = fmt_info_messages(closure, &alert_msg.n_info_msgs);
if (alert_msg.info_msgs == NULL)
goto done;
sudo_debug_printf(SUDO_DEBUG_INFO,
"%s: sending AlertMessage, array length %zu", __func__,
alert_msg.n_info_msgs);
/* Schedule ClientMessage */ /* Schedule ClientMessage */
client_msg.u.alert_msg = &alert_msg; client_msg.u.alert_msg = &alert_msg;
client_msg.type_case = CLIENT_MESSAGE__TYPE_ALERT_MSG; client_msg.type_case = CLIENT_MESSAGE__TYPE_ALERT_MSG;
ret = fmt_client_message(closure, &client_msg);
debug_return_bool(fmt_client_message(closure, &client_msg)); done:
free_info_messages(alert_msg.info_msgs, alert_msg.n_info_msgs);
debug_return_bool(ret);
} }
#ifdef notyet #ifdef notyet
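Review bot: fmt_alert_message() now drops the whole alert when fmt_info_messages() returns NULL, because `if (alert_msg.info_msgs == NULL) goto done;` skips fmt_client_message(). The protocol text in this commit calls info_msgs optional, so a failure to build that array (presumably an allocation failure) should not suppress a policy alert that was sent before this change. Consider falling back to the bare alert with `if (alert_msg.info_msgs == NULL) alert_msg.n_info_msgs = 0;` plus a debug message instead of the goto. Also confirm that free_info_messages() accepts a NULL array, since the `done:` label reaches it on that path.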