Read/write runchroot and runcwd entries in the JSON event log.

2025-08-22 01:49:11 +00:00 · 2020-09-01 06:26:05 -06:00 · 2020-09-01 06:26:05 -06:00 · bd254e1042
commit bd254e1042
parent 9ff960457a
9 changed files with 101 additions and 1 deletions
--- a/include/sudo_iolog.h
+++ b/include/sudo_iolog.h
@ -64,6 +64,8 @@ struct iolog_info {
    char *user;
    char *runas_user;
    char *runas_group;
+    char *runchroot;
+    char *runcwd;
    char *tty;
    char *cmd;
    char *host;
--- a/lib/iolog/iolog_fileio.c
+++ b/lib/iolog/iolog_fileio.c
@ -1035,6 +1035,20 @@ iolog_write_info_file_json(int dfd, const char *parent, struct iolog_info *info)
 	    goto oom;
    }

+    if (info->runchroot != NULL) {
+	json_value.type = JSON_STRING;
+	json_value.u.string = info->runchroot;
+	if (!sudo_json_add_value(&json, "runchroot", &json_value))
+	    goto oom;
+    }
+
+    if (info->runcwd != NULL) {
+	json_value.type = JSON_STRING;
+	json_value.u.string = info->runcwd;
+	if (!sudo_json_add_value(&json, "runcwd", &json_value))
+	    goto oom;
+    }
+
    /* Required */
    json_value.type = JSON_STRING;
    json_value.u.string = info->runas_user;
--- a/lib/iolog/iolog_json.c
+++ b/lib/iolog/iolog_json.c
@ -187,6 +187,26 @@ json_store_runuser(struct json_item *item, struct iolog_info *li)
    debug_return_bool(true);
 }

+static bool
+json_store_runchroot(struct json_item *item, struct iolog_info *li)
+{
+    debug_decl(json_store_runchroot, SUDO_DEBUG_UTIL);
+
+    li->runchroot = item->u.string;
+    item->u.string = NULL;
+    debug_return_bool(true);
+}
+
+static bool
+json_store_runcwd(struct json_item *item, struct iolog_info *li)
+{
+    debug_decl(json_store_runcwd, SUDO_DEBUG_UTIL);
+
+    li->runcwd = item->u.string;
+    item->u.string = NULL;
+    debug_return_bool(true);
+}
+
 static bool
 json_store_submitcwd(struct json_item *item, struct iolog_info *li)
 {
@ -263,6 +283,8 @@ static struct iolog_json_key {
    { "rungroup", JSON_STRING, json_store_rungroup },
    { "runuid", JSON_ID, json_store_runuid },
    { "runuser", JSON_STRING, json_store_runuser },
+    { "runchroot", JSON_STRING, json_store_runchroot },
+    { "runcwd", JSON_STRING, json_store_runcwd },
    { "submitcwd", JSON_STRING, json_store_submitcwd },
    { "submithost", JSON_STRING, json_store_submithost },
    { "submituser", JSON_STRING, json_store_submituser },
--- a/lib/iolog/iolog_util.c
+++ b/lib/iolog/iolog_util.c
@ -449,6 +449,8 @@ iolog_free_loginfo(struct iolog_info *li)
 	free(li->user);
 	free(li->runas_user);
 	free(li->runas_group);
+	free(li->runchroot);
+	free(li->runcwd);
 	free(li->tty);
 	free(li->cmd);
 	free(li->host);
--- a/logsrvd/iolog_writer.c
+++ b/logsrvd/iolog_writer.c
@ -116,6 +116,8 @@ iolog_details_free(struct iolog_details *details)
 	free(details->iolog_path);
 	free(details->command);
 	free(details->cwd);
+	free(details->runchroot);
+	free(details->runcwd);
 	free(details->rungroup);
 	free(details->runuser);
 	free(details->submithost);
@ -220,6 +222,34 @@ iolog_details_fill(struct iolog_details *details, TimeSpec *submit_time,
 		}
 		continue;
 	    }
+	    if (strcmp(key, "runchroot") == 0) {
+		if (has_strval(info)) {
+		    if ((details->runchroot = strdup(info->strval)) == NULL) {
+			sudo_debug_printf(
+			    SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+			    "strdup");
+			goto done;
+		    }
+		} else {
+		    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+			"runchroot specified but not a string");
+		}
+		continue;
+	    }
+	    if (strcmp(key, "runcwd") == 0) {
+		if (has_strval(info)) {
+		    if ((details->runcwd = strdup(info->strval)) == NULL) {
+			sudo_debug_printf(
+			    SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+			    "strdup");
+			goto done;
+		    }
+		} else {
+		    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+			"runcwd specified but not a string");
+		}
+		continue;
+	    }
 	    if (strcmp(key, "runenv") == 0) {
 		if (has_strlistval(info)) {
 		    details->envp = strlist_copy(info->strlistval);
@ -635,6 +665,8 @@ iolog_details_write(struct iolog_details *details,
    memset(&log_info, 0, sizeof(log_info));
    log_info.cwd = details->cwd;
    log_info.user = details->submituser;
+    log_info.runchroot = details->runchroot;
+    log_info.runcwd = details->runcwd;
    log_info.runas_user = details->runuser;
    log_info.runas_group = details->rungroup;
    log_info.tty = details->ttyname;
--- a/logsrvd/logsrvd.h
+++ b/logsrvd/logsrvd.h
@ -48,6 +48,8 @@ struct iolog_details {
    char *iolog_file;		/* substring of iolog_path, do not free */
    char *command;
    char *cwd;
+    char *runchroot;
+    char *runcwd;
    char *rungroup;
    char *runuser;
    char *submithost;
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@ -269,6 +269,10 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
 		details->command = *cur + sizeof("command=") - 1;
 		continue;
 	    }
+	    if (strncmp(*cur, "chroot=", sizeof("chroot=") - 1) == 0) {
+		details->runchroot = *cur + sizeof("chroot=") - 1;
+		continue;
+	    }
 	    break;
 	case 'i':
 	    if (strncmp(*cur, "ignore_iolog_errors=", sizeof("ignore_iolog_errors=") - 1) == 0) {
@ -434,6 +438,10 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
 		runas_euid_str = *cur + sizeof("runas_euid=") - 1;
 		continue;
 	    }
+	    if (strncmp(*cur, "runcwd=", sizeof("runcwd=") - 1) == 0) {
+		details->runcwd = *cur + sizeof("runcwd=") - 1;
+		continue;
+	    }
 	    break;
 	}
    }
@ -499,6 +507,8 @@ write_info_log(int dfd, char *iolog_dir, struct iolog_details *details)
    memset(&iolog_info, 0, sizeof(iolog_info));
    iolog_info.cwd = (char *)details->cwd;
    iolog_info.user = (char *)details->user;
+    iolog_info.runchroot = (char *)details->runchroot;
+    iolog_info.runcwd = (char *)details->runcwd;
    iolog_info.runas_user = details->runas_pw->pw_name;
    iolog_info.runas_group = details->runas_gr ? details->runas_gr->gr_name: NULL;
    iolog_info.tty = (char *)details->tty;
--- a/plugins/sudoers/iolog_client.c
+++ b/plugins/sudoers/iolog_client.c
@ -781,7 +781,7 @@ fmt_accept_message(struct client_closure *closure)
 	runenv.n_strings++;

    /* XXX - realloc as needed instead of preallocating */
-    info_msgs_size = 22;
+    info_msgs_size = 24;
    accept_msg.info_msgs = calloc(info_msgs_size, sizeof(InfoMessage *));
    if (accept_msg.info_msgs == NULL) {
 	info_msgs_size = 0;
@ -861,6 +861,20 @@ fmt_accept_message(struct client_closure *closure)
 	n++;
    }

+    if (details->runcwd != NULL) {
+	accept_msg.info_msgs[n]->key = "runcwd";
+	accept_msg.info_msgs[n]->strval = (char *)details->runcwd;
+	accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+	n++;
+    }
+
+    if (details->runchroot != NULL) {
+	accept_msg.info_msgs[n]->key = "runchroot";
+	accept_msg.info_msgs[n]->strval = (char *)details->runchroot;
+	accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+	n++;
+    }
+
    /* TODO - submitenv */
    /* TODO - submitgid */
    /* TODO - submitgids */
--- a/plugins/sudoers/iolog_plugin.h
+++ b/plugins/sudoers/iolog_plugin.h
@ -61,6 +61,8 @@ struct iolog_details {
    struct passwd *runas_pw;
    struct group *runas_gr;
    char * const *argv;
+    const char *runcwd;
+    const char *runchroot;
    char **user_env;
    struct sudoers_str_list *log_servers;
    struct timespec server_timeout;