mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 01:49:11 +00:00
Code Issues Releases Wiki Activity

Add support for file log line wrapping in libeventlog.

Browse Source
This commit is contained in:
Todd C. Miller 2020-10-26 16:16:46 -06:00
parent d899fe5936
commit fdae4bdbbb
12 changed files with 128 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
MANIFEST
View File

@ -104,6 +104,10 @@ include/sudo_util.h
install-sh install-sh
lib/eventlog/Makefile.in lib/eventlog/Makefile.in
lib/eventlog/eventlog.c lib/eventlog/eventlog.c
lib/eventlog/logwrap.c
lib/eventlog/regress/logwrap/check_wrap.c
lib/eventlog/regress/logwrap/check_wrap.in
lib/eventlog/regress/logwrap/check_wrap.out.ok
lib/iolog/Makefile.in lib/iolog/Makefile.in
lib/iolog/host_port.c lib/iolog/host_port.c
lib/iolog/hostcheck.c lib/iolog/hostcheck.c
@ -510,7 +514,6 @@ plugins/sudoers/linux_audit.h
plugins/sudoers/locale.c plugins/sudoers/locale.c
plugins/sudoers/logging.c plugins/sudoers/logging.c
plugins/sudoers/logging.h plugins/sudoers/logging.h
plugins/sudoers/logwrap.c
plugins/sudoers/match.c plugins/sudoers/match.c
plugins/sudoers/match_addr.c plugins/sudoers/match_addr.c
plugins/sudoers/match_command.c plugins/sudoers/match_command.c
@ -673,9 +676,6 @@ plugins/sudoers/regress/env_match/check_env_pattern.c
plugins/sudoers/regress/env_match/data plugins/sudoers/regress/env_match/data
plugins/sudoers/regress/exptilde/check_exptilde.c plugins/sudoers/regress/exptilde/check_exptilde.c
plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c
plugins/sudoers/regress/logging/check_wrap.c
plugins/sudoers/regress/logging/check_wrap.in
plugins/sudoers/regress/logging/check_wrap.out.ok
plugins/sudoers/regress/parser/check_addr.c plugins/sudoers/regress/parser/check_addr.c
plugins/sudoers/regress/parser/check_addr.in plugins/sudoers/regress/parser/check_addr.in
plugins/sudoers/regress/parser/check_base64.c plugins/sudoers/regress/parser/check_base64.c

13
include/sudo_eventlog.h
View File

@ -21,6 +21,11 @@
#include <sys/types.h> /* for gid_t, uid_t */ #include <sys/types.h> /* for gid_t, uid_t */
#include <time.h> /* for struct timespec */ #include <time.h> /* for struct timespec */
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# include "compat/stdbool.h"
#endif /* HAVE_STDBOOL_H */
/* Supported event types. */ /* Supported event types. */
enum event_type { enum event_type {
@ -55,6 +60,11 @@ enum eventlog_format {
# define MAXSYSLOGLEN 960 # define MAXSYSLOGLEN 960
#endif #endif
/*
* Indentation level for file-based logs when word wrap is enabled.
*/
#define EVENTLOG_INDENT " "
/* /*
* Event log config, used with eventlog_setconf() * Event log config, used with eventlog_setconf()
*/ */
@ -65,6 +75,7 @@ struct eventlog_config {
int syslog_rejectpri; int syslog_rejectpri;
int syslog_alertpri; int syslog_alertpri;
int syslog_maxlen; int syslog_maxlen;
int file_maxlen;
uid_t mailuid; uid_t mailuid;
bool omit_hostname; bool omit_hostname;
const char *logpath; const char *logpath;
@ -113,6 +124,7 @@ bool eventlog_accept(const struct eventlog *details, int flags, eventlog_json_ca
bool eventlog_alert(const struct eventlog *details, int flags, struct timespec *alert_time, const char *reason, const char *errstr); bool eventlog_alert(const struct eventlog *details, int flags, struct timespec *alert_time, const char *reason, const char *errstr);
bool eventlog_reject(const struct eventlog *details, int flags, const char *reason, eventlog_json_callback_t info_cb, void *info); bool eventlog_reject(const struct eventlog *details, int flags, const char *reason, eventlog_json_callback_t info_cb, void *info);
bool eventlog_store_json(struct json_container *json, const struct eventlog *evlog); bool eventlog_store_json(struct json_container *json, const struct eventlog *evlog);
size_t eventlog_writeln(FILE *fp, char *line, size_t len, size_t maxlen);
void eventlog_free(struct eventlog *evlog); void eventlog_free(struct eventlog *evlog);
void eventlog_set_type(int type); void eventlog_set_type(int type);
void eventlog_set_format(enum eventlog_format format); void eventlog_set_format(enum eventlog_format format);
@ -120,6 +132,7 @@ void eventlog_set_syslog_acceptpri(int pri);
void eventlog_set_syslog_rejectpri(int pri); void eventlog_set_syslog_rejectpri(int pri);
void eventlog_set_syslog_alertpri(int pri); void eventlog_set_syslog_alertpri(int pri);
void eventlog_set_syslog_maxlen(int len); void eventlog_set_syslog_maxlen(int len);
void eventlog_set_file_maxlen(int len);
void eventlog_set_mailuid(uid_t uid); void eventlog_set_mailuid(uid_t uid);
void eventlog_set_omit_hostname(bool omit_hostname); void eventlog_set_omit_hostname(bool omit_hostname);
void eventlog_set_logpath(const char *path); void eventlog_set_logpath(const char *path);

55
lib/eventlog/Makefile.in
View File

@ -40,9 +40,15 @@ CPPFLAGS = -I$(incdir) -I$(top_builddir) -I$(srcdir) -I$(top_srcdir) @CPPFLAGS@
# Usually -O and/or -g # Usually -O and/or -g
CFLAGS = @CFLAGS@ CFLAGS = @CFLAGS@
# Flags to pass to the link stage
LDFLAGS = @LDFLAGS@
# Flags to pass to libtool # Flags to pass to libtool
LTFLAGS = @LT_STATIC@ LTFLAGS = @LT_STATIC@
# Libraries for test programs
LIBS = $(top_builddir)/lib/util/libsudo_util.la
# Address sanitizer flags # Address sanitizer flags
ASAN_CFLAGS = @ASAN_CFLAGS@ ASAN_CFLAGS = @ASAN_CFLAGS@
ASAN_LDFLAGS = @ASAN_LDFLAGS@ ASAN_LDFLAGS = @ASAN_LDFLAGS@
@ -73,7 +79,9 @@ DEVEL = @DEVEL@
SHELL = @SHELL@ SHELL = @SHELL@
LIBEVENTLOG_OBJS = eventlog.lo TEST_PROGS = check_wrap
LIBEVENTLOG_OBJS = eventlog.lo logwrap.lo
IOBJS = $(LIBEVENTLOG_OBJS:.lo=.i) IOBJS = $(LIBEVENTLOG_OBJS:.lo=.i)
@ -81,6 +89,8 @@ POBJS = $(IOBJS:.i=.plog)
GENERATED = log_server.pb-c.h log_server.pb-c.c GENERATED = log_server.pb-c.h log_server.pb-c.c
CHECK_WRAP_OBJS = check_wrap.lo logwrap.lo
all: libsudo_eventlog.la all: libsudo_eventlog.la
pvs-log-files: $(POBJS) pvs-log-files: $(POBJS)
@ -124,6 +134,9 @@ $(devdir)/log_server.pb-c.c: $(srcdir)/log_server.proto
libsudo_eventlog.la: $(LIBEVENTLOG_OBJS) libsudo_eventlog.la: $(LIBEVENTLOG_OBJS)
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBEVENTLOG_OBJS) $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(LIBEVENTLOG_OBJS)
check_wrap: $(CHECK_WRAP_OBJS) $(LIBUTIL)
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_WRAP_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
pre-install: pre-install:
install: install:
@ -146,7 +159,19 @@ cppcheck:
pvs-log-files: $(POBJS) pvs-log-files: $(POBJS)
check: check: $(TEST_PROGS)
@if test X"$(cross_compiling)" != X"yes"; then \
LC_ALL=C; export LC_ALL; \
unset LANG || LANG=; \
MALLOC_OPTIONS=S; export MALLOC_OPTIONS; \
MALLOC_CONF="abort:true,junk:true"; export MALLOC_CONF; \
umask 022; \
rval=0; \
mkdir -p regress/logwrap; \
./check_wrap $(srcdir)/regress/logwrap/check_wrap.in > regress/logwrap/check_wrap.out; \
diff regress/logwrap/check_wrap.out $(srcdir)/regress/logwrap/check_wrap.out.ok || rval=`expr $$rval + $$?`; \
exit $$rval; \
fi
clean: clean:
-$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la -$(LIBTOOL) $(LTFLAGS) --mode=clean rm -f *.lo *.o *.la
@ -169,6 +194,20 @@ realclean: distclean
cleandir: realclean cleandir: realclean
# Autogenerated dependencies, do not modify # Autogenerated dependencies, do not modify
check_wrap.lo: $(srcdir)/regress/logwrap/check_wrap.c \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
$(top_builddir)/config.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/logwrap/check_wrap.c
check_wrap.i: $(srcdir)/regress/logwrap/check_wrap.c \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
$(top_builddir)/config.h
$(CC) -E -o $@ $(CPPFLAGS) $<
check_wrap.plog: check_wrap.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/logwrap/check_wrap.c --i-file $< --output-file $@
eventlog.lo: $(srcdir)/eventlog.c $(incdir)/compat/stdbool.h \ eventlog.lo: $(srcdir)/eventlog.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \ $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@ -187,3 +226,15 @@ eventlog.i: $(srcdir)/eventlog.c $(incdir)/compat/stdbool.h \
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
eventlog.plog: eventlog.i eventlog.plog: eventlog.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog.c --i-file $< --output-file $@
logwrap.lo: $(srcdir)/logwrap.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(top_builddir)/config.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logwrap.c
logwrap.i: $(srcdir)/logwrap.c $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \
$(incdir)/sudo_util.h $(top_builddir)/config.h
$(CC) -E -o $@ $(CPPFLAGS) $<
logwrap.plog: logwrap.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logwrap.c --i-file $< --output-file $@

19
lib/eventlog/eventlog.c
View File

@ -86,6 +86,7 @@ static struct eventlog_config evl_conf = {
LOG_ALERT, /* syslog_rejectpri */ LOG_ALERT, /* syslog_rejectpri */
LOG_ALERT, /* syslog_alertpri */ LOG_ALERT, /* syslog_alertpri */
MAXSYSLOGLEN, /* syslog_maxlen */ MAXSYSLOGLEN, /* syslog_maxlen */
0, /* file_maxlen */
ROOT_UID, /* mailuid */ ROOT_UID, /* mailuid */
false, /* omit_hostname */ false, /* omit_hostname */
_PATH_SUDO_LOGFILE, /* logpath */ _PATH_SUDO_LOGFILE, /* logpath */
@ -995,10 +996,11 @@ do_logfile_sudo(const char *logline, const struct eventlog *details)
{ {
const char *timefmt = evl_conf.time_fmt; const char *timefmt = evl_conf.time_fmt;
const char *logfile = evl_conf.logpath; const char *logfile = evl_conf.logpath;
char timebuf[8192], *timestr = NULL; char *full_line, timebuf[8192], *timestr = NULL;
struct tm *timeptr; struct tm *timeptr;
bool ret = false; bool ret = false;
FILE *fp; FILE *fp;
int len;
debug_decl(do_logfile_sudo, SUDO_DEBUG_UTIL); debug_decl(do_logfile_sudo, SUDO_DEBUG_UTIL);
if ((fp = evl_conf.open_log(EVLOG_FILE, logfile)) == NULL) if ((fp = evl_conf.open_log(EVLOG_FILE, logfile)) == NULL)
@ -1018,8 +1020,13 @@ do_logfile_sudo(const char *logline, const struct eventlog *details)
timestr = timebuf; timestr = timebuf;
} }
} }
(void)fprintf(fp, "%s : %s : %s\n", timestr ? timestr : "invalid date", len = asprintf(&full_line, "%s : %s : %s",
details->submituser, logline); timestr ? timestr : "invalid date", details->submituser, logline);
if (len == -1) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto done;
}
eventlog_writeln(fp, full_line, len, evl_conf.file_maxlen);
(void)fflush(fp); (void)fflush(fp);
if (ferror(fp)) { if (ferror(fp)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
@ -1303,6 +1310,12 @@ eventlog_set_syslog_maxlen(int len)
evl_conf.syslog_maxlen = len; evl_conf.syslog_maxlen = len;
} }
void
eventlog_set_file_maxlen(int len)
{
evl_conf.file_maxlen = len;
}
void void
eventlog_set_mailuid(uid_t uid) eventlog_set_mailuid(uid_t uid)
{ {

36
plugins/sudoers/logwrap.c → lib/eventlog/logwrap.c
View File

@ -1,7 +1,7 @@
/* /*
* SPDX-License-Identifier: ISC * SPDX-License-Identifier: ISC
* *
* Copyright (c) 2011, 2014-2016 Todd C. Miller <Todd.Miller@sudo.ws> * Copyright (c) 2011, 2014-2020 Todd C. Miller <Todd.Miller@sudo.ws>
* *
* Permission to use, copy, modify, and distribute this software for any * Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above * purpose with or without fee is hereby granted, provided that the above
@ -27,16 +27,30 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "sudoers.h" #include "sudo_compat.h"
#include "sudo_debug.h"
#include "sudo_util.h"
#include "sudo_eventlog.h"
int size_t
writeln_wrap(FILE *fp, char *line, size_t linelen, size_t maxlen) eventlog_writeln(FILE *fp, char *line, size_t linelen, size_t maxlen)
{ {
char *indent = ""; char *indent = "";
char *beg = line; char *beg = line;
char *end; char *end;
int len, outlen = 0; int len;
debug_decl(writeln_wrap, SUDOERS_DEBUG_LOGGING); size_t outlen = 0;
debug_decl(eventlog_writeln, SUDO_DEBUG_UTIL);
if (maxlen < sizeof(EVENTLOG_INDENT)) {
/* Maximum length too small, disable wrapping. */
outlen = fwrite(line, 1, linelen, fp);
if (outlen != linelen)
debug_return_size_t(-1);
if (fputc('\n', fp) == EOF)
debug_return_size_t(-1);
debug_return_int(outlen + 1);
}
/* /*
* Print out line with word wrap around maxlen characters. * Print out line with word wrap around maxlen characters.
@ -53,24 +67,24 @@ writeln_wrap(FILE *fp, char *line, size_t linelen, size_t maxlen)
} }
len = fprintf(fp, "%s%.*s\n", indent, (int)(end - beg), beg); len = fprintf(fp, "%s%.*s\n", indent, (int)(end - beg), beg);
if (len < 0) if (len < 0)
debug_return_int(-1); debug_return_size_t(-1);
outlen += len; outlen += len;
while (*end == ' ') while (*end == ' ')
end++; end++;
linelen -= (end - beg); linelen -= (end - beg);
beg = end; beg = end;
if (indent[0] == '\0') { if (indent[0] == '\0') {
indent = LOG_INDENT; indent = EVENTLOG_INDENT;
maxlen -= sizeof(LOG_INDENT) - 1; maxlen -= sizeof(EVENTLOG_INDENT) - 1;
} }
} }
/* Print remainder, if any. */ /* Print remainder, if any. */
if (linelen) { if (linelen) {
len = fprintf(fp, "%s%s\n", indent, beg); len = fprintf(fp, "%s%s\n", indent, beg);
if (len < 0) if (len < 0)
debug_return_int(-1); debug_return_size_t(-1);
outlen += len; outlen += len;
} }
debug_return_int(outlen); debug_return_size_t(outlen);
} }

5
plugins/sudoers/regress/logging/check_wrap.c → lib/eventlog/regress/logwrap/check_wrap.c
View File

@ -26,12 +26,11 @@
#define SUDO_ERROR_WRAP 0 #define SUDO_ERROR_WRAP 0
#include "sudo_compat.h" #include "sudo_compat.h"
#include "sudo_eventlog.h"
#include "sudo_fatal.h" #include "sudo_fatal.h"
#include "sudo_plugin.h" #include "sudo_plugin.h"
#include "sudo_util.h" #include "sudo_util.h"
extern void writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen);
sudo_dso_public int main(int argc, char *argv[]); sudo_dso_public int main(int argc, char *argv[]);
static void static void
@ -92,7 +91,7 @@ main(int argc, char *argv[])
sudo_fatalx("%s: invalid length on line %d\n", argv[1], lineno); sudo_fatalx("%s: invalid length on line %d\n", argv[1], lineno);
while (len <= maxlen) { while (len <= maxlen) {
printf("# word wrap at %d characters\n", (int)len); printf("# word wrap at %d characters\n", (int)len);
writeln_wrap(stdout, lines[0], strlen(lines[0]), len); eventlog_writeln(stdout, lines[0], strlen(lines[0]), len);
len++; len++;
} }
} }

0
plugins/sudoers/regress/logging/check_wrap.in → lib/eventlog/regress/logwrap/check_wrap.in
View File

0
plugins/sudoers/regress/logging/check_wrap.out.ok → lib/eventlog/regress/logwrap/check_wrap.out.ok
View File

48
plugins/sudoers/Makefile.in
View File

@ -155,7 +155,7 @@ PROGS = sudoers.la visudo sudoreplay cvtsudoers testsudoers
TEST_PROGS = check_addr check_base64 check_digest check_env_pattern \ TEST_PROGS = check_addr check_base64 check_digest check_env_pattern \
check_exptilde check_fill check_gentime check_hexchar \ check_exptilde check_fill check_gentime check_hexchar \
check_iolog_plugin check_wrap check_starttime @SUDOERS_TEST_PROGS@ check_iolog_plugin check_starttime @SUDOERS_TEST_PROGS@
AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@ AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
@ -172,8 +172,8 @@ SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo editor.lo env.lo \
env_pattern.lo file.lo find_path.lo fmtsudoers.lo gc.lo \ env_pattern.lo file.lo find_path.lo fmtsudoers.lo gc.lo \
goodpath.lo group_plugin.lo interfaces.lo iolog.lo \ goodpath.lo group_plugin.lo interfaces.lo iolog.lo \
iolog_path_escapes.lo locale.lo iolog_client.lo logging.lo \ iolog_path_escapes.lo locale.lo iolog_client.lo logging.lo \
logwrap.lo parse.lo policy.lo prompt.lo set_perms.lo \ parse.lo policy.lo prompt.lo set_perms.lo starttime.lo \
starttime.lo sudo_nss.lo sudoers.lo timestamp.lo @SUDOERS_OBJS@ sudo_nss.lo sudoers.lo timestamp.lo @SUDOERS_OBJS@
SUDOERS_IOBJS = $(SUDOERS_OBJS:.lo=.i) SUDOERS_IOBJS = $(SUDOERS_OBJS:.lo=.i)
@ -229,8 +229,6 @@ CHECK_SYMBOLS_OBJS = check_symbols.o
CHECK_STARTTIME_OBJS = check_starttime.o starttime.lo sudoers_debug.lo CHECK_STARTTIME_OBJS = check_starttime.o starttime.lo sudoers_debug.lo
CHECK_WRAP_OBJS = check_wrap.o logwrap.lo sudoers_debug.lo
VERSION = @PACKAGE_VERSION@ VERSION = @PACKAGE_VERSION@
PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
@ -331,9 +329,6 @@ check_starttime: $(CHECK_STARTTIME_OBJS) $(LIBUTIL)
check_symbols: $(CHECK_SYMBOLS_OBJS) $(LIBUTIL) check_symbols: $(CHECK_SYMBOLS_OBJS) $(LIBUTIL)
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(CHECK_SYMBOLS_LDFLAGS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@ $(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_SYMBOLS_OBJS) $(CHECK_SYMBOLS_LDFLAGS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS) @SUDO_LIBS@
check_wrap: $(CHECK_WRAP_OBJS) $(LIBUTIL)
$(LIBTOOL) $(LTFLAGS) --mode=link $(CC) -o $@ $(CHECK_WRAP_OBJS) $(LDFLAGS) $(ASAN_LDFLAGS) $(PIE_LDFLAGS) $(SSP_LDFLAGS) $(LIBS)
GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate.c GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate.c
prologue: prologue:
@ -481,9 +476,6 @@ check: $(TEST_PROGS) visudo testsudoers cvtsudoers
if test -f check_symbols; then \ if test -f check_symbols; then \
./check_symbols .libs/sudoers.so $(shlib_exp) || rval=`expr $$rval + $$?`; \ ./check_symbols .libs/sudoers.so $(shlib_exp) || rval=`expr $$rval + $$?`; \
fi; \ fi; \
mkdir -p regress/logging; \
./check_wrap $(srcdir)/regress/logging/check_wrap.in > regress/logging/check_wrap.out; \
diff regress/logging/check_wrap.out $(srcdir)/regress/logging/check_wrap.out.ok || rval=`expr $$rval + $$?`; \
passed=0; failed=0; total=0; \ passed=0; failed=0; total=0; \
mkdir -p regress/sudoers; \ mkdir -p regress/sudoers; \
dir=sudoers; \ dir=sudoers; \
@ -1032,18 +1024,6 @@ check_symbols.i: $(srcdir)/regress/check_symbols/check_symbols.c \
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
check_symbols.plog: check_symbols.i check_symbols.plog: check_symbols.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/check_symbols/check_symbols.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/check_symbols/check_symbols.c --i-file $< --output-file $@
check_wrap.o: $(srcdir)/regress/logging/check_wrap.c \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_util.h $(top_builddir)/config.h
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/regress/logging/check_wrap.c
check_wrap.i: $(srcdir)/regress/logging/check_wrap.c \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_fatal.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_util.h $(top_builddir)/config.h
$(CC) -E -o $@ $(CPPFLAGS) $<
check_wrap.plog: check_wrap.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/logging/check_wrap.c --i-file $< --output-file $@
cvtsudoers.o: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \ cvtsudoers.o: $(srcdir)/cvtsudoers.c $(devdir)/def_data.h $(devdir)/gram.h \
$(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \ $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
@ -1850,28 +1830,6 @@ logging.i: $(srcdir)/logging.c $(devdir)/def_data.h \
$(CC) -E -o $@ $(CPPFLAGS) $< $(CC) -E -o $@ $(CPPFLAGS) $<
logging.plog: logging.i logging.plog: logging.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logging.c --i-file $< --output-file $@ rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logging.c --i-file $< --output-file $@
logwrap.lo: $(srcdir)/logwrap.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/logwrap.c
logwrap.i: $(srcdir)/logwrap.c $(devdir)/def_data.h \
$(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
$(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \
$(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
$(incdir)/sudo_gettext.h $(incdir)/sudo_plugin.h \
$(incdir)/sudo_queue.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \
$(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \
$(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \
$(top_builddir)/config.h $(top_builddir)/pathnames.h
$(CC) -E -o $@ $(CPPFLAGS) $<
logwrap.plog: logwrap.i
rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logwrap.c --i-file $< --output-file $@
match.lo: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \ match.lo: $(srcdir)/match.c $(devdir)/def_data.h $(devdir)/gram.h \
$(incdir)/compat/fnmatch.h $(incdir)/compat/stdbool.h \ $(incdir)/compat/fnmatch.h $(incdir)/compat/stdbool.h \
$(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \

1
plugins/sudoers/logging.c
View File

@ -589,6 +589,7 @@ init_eventlog_config(void)
eventlog_set_syslog_rejectpri(def_syslog_badpri); eventlog_set_syslog_rejectpri(def_syslog_badpri);
eventlog_set_syslog_alertpri(def_syslog_badpri); eventlog_set_syslog_alertpri(def_syslog_badpri);
eventlog_set_syslog_maxlen(def_syslog_maxlen); eventlog_set_syslog_maxlen(def_syslog_maxlen);
eventlog_set_file_maxlen(def_loglinelen);
eventlog_set_mailuid(mailuid); eventlog_set_mailuid(mailuid);
eventlog_set_omit_hostname(!def_log_host); eventlog_set_omit_hostname(!def_log_host);
eventlog_set_logpath(def_logfile); eventlog_set_logpath(def_logfile);

6
plugins/sudoers/logging.h
View File

@ -46,11 +46,6 @@
#define SLOG_NO_LOG 0x20 /* do not log via file or syslog */ #define SLOG_NO_LOG 0x20 /* do not log via file or syslog */
#define SLOG_AUDIT 0x40 /* send message to audit as well */ #define SLOG_AUDIT 0x40 /* send message to audit as well */
/*
* Indentation level for file-based logs when word wrap is enabled.
*/
#define LOG_INDENT " "
/* XXX - needed for auditing */ /* XXX - needed for auditing */
extern int NewArgc; extern int NewArgc;
extern char **NewArgv; extern char **NewArgv;
@ -72,7 +67,6 @@ bool log_warningx(int flags, const char *fmt, ...) __printflike(2, 3);
bool gai_log_warning(int flags, int errnum, const char *fmt, ...) __printflike(3, 4); bool gai_log_warning(int flags, int errnum, const char *fmt, ...) __printflike(3, 4);
bool sudoers_initlocale(const char *ulocale, const char *slocale); bool sudoers_initlocale(const char *ulocale, const char *slocale);
bool sudoers_locale_callback(const union sudo_defs_val *); bool sudoers_locale_callback(const union sudo_defs_val *);
int writeln_wrap(FILE *fp, char *line, size_t len, size_t maxlen);
void sudoers_to_eventlog(struct eventlog *evlog); void sudoers_to_eventlog(struct eventlog *evlog);
void init_eventlog_config(void); void init_eventlog_config(void);

11
plugins/sudoers/sudoers.c
View File

@ -1470,6 +1470,16 @@ cb_syslog_maxlen(const union sudo_defs_val *sd_un)
debug_return_bool(true); debug_return_bool(true);
} }
static bool
cb_loglinelen(const union sudo_defs_val *sd_un)
{
debug_decl(cb_loglinelen, SUDOERS_DEBUG_PLUGIN);
eventlog_set_file_maxlen(sd_un->ival);
debug_return_bool(true);
}
static bool static bool
cb_log_year(const union sudo_defs_val *sd_un) cb_log_year(const union sudo_defs_val *sd_un)
{ {
@ -1588,6 +1598,7 @@ set_callbacks(void)
sudo_defs_table[I_SYSLOG_GOODPRI].callback = cb_syslog_goodpri; sudo_defs_table[I_SYSLOG_GOODPRI].callback = cb_syslog_goodpri;
sudo_defs_table[I_SYSLOG_BADPRI].callback = cb_syslog_badpri; sudo_defs_table[I_SYSLOG_BADPRI].callback = cb_syslog_badpri;
sudo_defs_table[I_SYSLOG_MAXLEN].callback = cb_syslog_maxlen; sudo_defs_table[I_SYSLOG_MAXLEN].callback = cb_syslog_maxlen;
sudo_defs_table[I_LOGLINELEN].callback = cb_loglinelen;
sudo_defs_table[I_LOG_HOST].callback = cb_log_host; sudo_defs_table[I_LOG_HOST].callback = cb_log_host;
sudo_defs_table[I_LOGFILE].callback = cb_logfile; sudo_defs_table[I_LOGFILE].callback = cb_logfile;
sudo_defs_table[I_LOG_YEAR].callback = cb_log_year; sudo_defs_table[I_LOG_YEAR].callback = cb_log_year;