diff --git a/include/sudo_iolog.h b/include/sudo_iolog.h
index de37b6ca6..54786c4be 100644
--- a/include/sudo_iolog.h
+++ b/include/sudo_iolog.h
@@ -64,6 +64,8 @@ struct iolog_info {
 char *user;
 char *runas_user;
 char *runas_group;
+ char *runchroot;
+ char *runcwd;
 char *tty;
 char *cmd;
 char *host;
diff --git a/lib/iolog/iolog_fileio.c b/lib/iolog/iolog_fileio.c
index 2fa61cbc1..288ae7df9 100644
--- a/lib/iolog/iolog_fileio.c
+++ b/lib/iolog/iolog_fileio.c
@@ -1035,6 +1035,20 @@ iolog_write_info_file_json(int dfd, const char *parent, struct iolog_info *info)
 goto oom;
 }
+ if (info->runchroot != NULL) {
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->runchroot;
+ if (!sudo_json_add_value(&json, "runchroot", &json_value))
+ goto oom;
+ }
+
+ if (info->runcwd != NULL) {
+ json_value.type = JSON_STRING;
+ json_value.u.string = info->runcwd;
+ if (!sudo_json_add_value(&json, "runcwd", &json_value))
+ goto oom;
+ }
+
 /* Required */
 json_value.type = JSON_STRING;
 json_value.u.string = info->runas_user;
diff --git a/lib/iolog/iolog_json.c b/lib/iolog/iolog_json.c
index 2a8b8d2f1..da7f40f9a 100644
--- a/lib/iolog/iolog_json.c
+++ b/lib/iolog/iolog_json.c
@@ -187,6 +187,26 @@ json_store_runuser(struct json_item *item, struct iolog_info *li)
 debug_return_bool(true);
 }
+static bool
+json_store_runchroot(struct json_item *item, struct iolog_info *li)
+{
+ debug_decl(json_store_runchroot, SUDO_DEBUG_UTIL);
+
+ li->runchroot = item->u.string;
+ item->u.string = NULL;
+ debug_return_bool(true);
+}
+
+static bool
+json_store_runcwd(struct json_item *item, struct iolog_info *li)
+{
+ debug_decl(json_store_runcwd, SUDO_DEBUG_UTIL);
+
+ li->runcwd = item->u.string;
+ item->u.string = NULL;
+ debug_return_bool(true);
+}
+
 static bool
 json_store_submitcwd(struct json_item *item, struct iolog_info *li)
 {
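Review bot: In `json_store_runchroot` and `json_store_runcwd` the assignment overwrites `li->runchroot` / `li->runcwd` without releasing a previous value, so an info file that repeats the key would leak the earlier string. Whether the parser rejects duplicate keys before the callback runs is not visible in this hunk; if it does not, add `free(li->runchroot);` (and `free(li->runcwd);`) ahead of the assignment. A short comment such as `/* takes ownership of item->u.string */` would also explain why the item's pointer is cleared afterwards. Both functions are complete within the hunk.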
@@ -263,6 +283,8 @@ static struct iolog_json_key {
 { "rungroup", JSON_STRING, json_store_rungroup },
 { "runuid", JSON_ID, json_store_runuid },
 { "runuser", JSON_STRING, json_store_runuser },
+ { "runchroot", JSON_STRING, json_store_runchroot },
+ { "runcwd", JSON_STRING, json_store_runcwd },
 { "submitcwd", JSON_STRING, json_store_submitcwd },
 { "submithost", JSON_STRING, json_store_submithost },
 { "submituser", JSON_STRING, json_store_submituser },
diff --git a/lib/iolog/iolog_util.c b/lib/iolog/iolog_util.c
index c1339d5dc..5a0c0c9ec 100644
--- a/lib/iolog/iolog_util.c
+++ b/lib/iolog/iolog_util.c
@@ -449,6 +449,8 @@ iolog_free_loginfo(struct iolog_info *li)
 free(li->user);
 free(li->runas_user);
 free(li->runas_group);
+ free(li->runchroot);
+ free(li->runcwd);
 free(li->tty);
 free(li->cmd);
 free(li->host);
diff --git a/logsrvd/iolog_writer.c b/logsrvd/iolog_writer.c
index 18287cb16..050d79255 100644
--- a/logsrvd/iolog_writer.c
+++ b/logsrvd/iolog_writer.c
@@ -116,6 +116,8 @@ iolog_details_free(struct iolog_details *details)
 free(details->iolog_path);
 free(details->command);
 free(details->cwd);
+ free(details->runchroot);
+ free(details->runcwd);
 free(details->rungroup);
 free(details->runuser);
 free(details->submithost);
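Review bot: The `runchroot` and `runcwd` rows in the `iolog_json_key` table are inserted after `runuser`, although the visible neighbours (`rungroup`, `runuid`, `runuser`, `submitcwd`, `submithost`, `submituser`) are in alphabetical order. Moving `{ "runchroot", JSON_STRING, json_store_runchroot },` and the `runcwd` row ahead of the `rungroup` row would keep the table sorted. This is cosmetic if the lookup is a linear scan, but it matters if anything depends on the ordering, which the hunk does not show. The table begins and ends outside the hunk.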
@@ -220,6 +222,34 @@ iolog_details_fill(struct iolog_details *details, TimeSpec *submit_time,
 }
 continue;
 }
+ if (strcmp(key, "runchroot") == 0) {
+ if (has_strval(info)) {
+ if ((details->runchroot = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "runchroot specified but not a string");
+ }
+ continue;
+ }
+ if (strcmp(key, "runcwd") == 0) {
+ if (has_strval(info)) {
+ if ((details->runcwd = strdup(info->strval)) == NULL) {
+ sudo_debug_printf(
+ SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
+ "strdup");
+ goto done;
+ }
+ } else {
+ sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+ "runcwd specified but not a string");
+ }
+ continue;
+ }
 if (strcmp(key, "runenv") == 0) {
 if (has_strlistval(info)) {
 details->envp = strlist_copy(info->strlistval);
@@ -635,6 +665,8 @@ iolog_details_write(struct iolog_details *details,
 memset(&log_info, 0, sizeof(log_info));
 log_info.cwd = details->cwd;
 log_info.user = details->submituser;
+ log_info.runchroot = details->runchroot;
+ log_info.runcwd = details->runcwd;
 log_info.runas_user = details->runuser;
 log_info.runas_group = details->rungroup;
 log_info.tty = details->ttyname;
diff --git a/logsrvd/logsrvd.h b/logsrvd/logsrvd.h
index a0c26847b..2701eb1c1 100644
--- a/logsrvd/logsrvd.h
+++ b/logsrvd/logsrvd.h
@@ -48,6 +48,8 @@ struct iolog_details {
 char *iolog_file; /* substring of iolog_path, do not free */
 char *command;
 char *cwd;
+ char *runchroot;
+ char *runcwd;
 char *rungroup;
 char *runuser;
 char *submithost;
diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c
index fa8896521..c4efad178 100644
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
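Review bot: In the new `runchroot` and `runcwd` branches of `iolog_details_fill`, a message that carries the same key twice makes the second `strdup()` overwrite `details->runchroot` / `details->runcwd` and leak the first copy, because nothing here frees the old value. These strings appear to come from the peer's message, so consider `free(details->runchroot);` before the `strdup()` (same for `runcwd`), or rejecting a repeated key. A non-string value is only reported through `sudo_debug_printf()` and then skipped, so a malformed field silently disappears from the stored record; confirm that is the intended outcome. The function begins and ends outside the hunk, so an earlier duplicate check cannot be ruled out.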
@@ -269,6 +269,10 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
 details->command = *cur + sizeof("command=") - 1;
 continue;
 }
+ if (strncmp(*cur, "chroot=", sizeof("chroot=") - 1) == 0) {
+ details->runchroot = *cur + sizeof("chroot=") - 1;
+ continue;
+ }
 break;
 case 'i':
 if (strncmp(*cur, "ignore_iolog_errors=", sizeof("ignore_iolog_errors=") - 1) == 0) {
@@ -434,6 +438,10 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
 runas_euid_str = *cur + sizeof("runas_euid=") - 1;
 continue;
 }
+ if (strncmp(*cur, "runcwd=", sizeof("runcwd=") - 1) == 0) {
+ details->runcwd = *cur + sizeof("runcwd=") - 1;
+ continue;
+ }
 break;
 }
 }
@@ -499,6 +507,8 @@ write_info_log(int dfd, char *iolog_dir, struct iolog_details *details)
 memset(&iolog_info, 0, sizeof(iolog_info));
 iolog_info.cwd = (char *)details->cwd;
 iolog_info.user = (char *)details->user;
+ iolog_info.runchroot = (char *)details->runchroot;
+ iolog_info.runcwd = (char *)details->runcwd;
 iolog_info.runas_user = details->runas_pw->pw_name;
 iolog_info.runas_group = details->runas_gr ? details->runas_gr->gr_name: NULL;
 iolog_info.tty = (char *)details->tty;
diff --git a/plugins/sudoers/iolog_client.c b/plugins/sudoers/iolog_client.c
index 7cc54f0f4..85a90b73c 100644
--- a/plugins/sudoers/iolog_client.c
+++ b/plugins/sudoers/iolog_client.c
@@ -781,7 +781,7 @@ fmt_accept_message(struct client_closure *closure)
 runenv.n_strings++;
 /* XXX - realloc as needed instead of preallocating */
- info_msgs_size = 22;
+ info_msgs_size = 24;
 accept_msg.info_msgs = calloc(info_msgs_size, sizeof(InfoMessage *));
 if (accept_msg.info_msgs == NULL) {
 info_msgs_size = 0;
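Review bot: In `write_info_log` the two new assignments cast away `const` and store pointers that the plugin only borrows (the deserialize hunks set them to offsets inside `*cur`) in a `struct iolog_info`, while `iolog_free_loginfo()` in this same commit now calls `free()` on `runchroot` and `runcwd`. The local `iolog_info` must therefore never be handed to `iolog_free_loginfo()`. A comment above the assignments such as `/* borrowed from details; never pass iolog_info to iolog_free_loginfo() */` would make that ownership rule explicit. The function continues outside the hunk.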
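Review bot: The capacity of `accept_msg.info_msgs` in `fmt_accept_message` is a hand-counted literal (`info_msgs_size = 24;`), and the later hunk in this file that adds the `runcwd` and `runchroot` entries writes through `accept_msg.info_msgs[n]` and increments `n` with no comparison against `info_msgs_size` visible. If the literal and the number of entries ever drift apart, those writes land past the allocation. A guard such as `if (n >= info_msgs_size)` routed to the function's existing failure path, placed before each entry or once after the last one, would turn a miscount into a clean error; the existing `XXX` comment already asks for growing the array on demand. Both hunks show only part of the function, so a bound check elsewhere cannot be ruled out.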
@@ -861,6 +861,20 @@ fmt_accept_message(struct client_closure *closure)
 n++;
 }
+ if (details->runcwd != NULL) {
+ accept_msg.info_msgs[n]->key = "runcwd";
+ accept_msg.info_msgs[n]->strval = (char *)details->runcwd;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+ }
+
+ if (details->runchroot != NULL) {
+ accept_msg.info_msgs[n]->key = "runchroot";
+ accept_msg.info_msgs[n]->strval = (char *)details->runchroot;
+ accept_msg.info_msgs[n]->value_case = INFO_MESSAGE__VALUE_STRVAL;
+ n++;
+ }
+
 /* TODO - submitenv */
 /* TODO - submitgid */
 /* TODO - submitgids */
diff --git a/plugins/sudoers/iolog_plugin.h b/plugins/sudoers/iolog_plugin.h
index 9ef3c843b..467c77324 100644
--- a/plugins/sudoers/iolog_plugin.h
+++ b/plugins/sudoers/iolog_plugin.h
@@ -61,6 +61,8 @@ struct iolog_details {
 struct passwd *runas_pw;
 struct group *runas_gr;
 char * const *argv;
+ const char *runcwd;
+ const char *runchroot;
 char **user_env;
 struct sudoers_str_list *log_servers;
 struct timespec server_timeout;