#include "config.h"
#include <sys/types.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <stdio.h>
#ifdef STDC_HEADERS
# include <stdlib.h>
# include <stddef.h>
#else
# ifdef HAVE_STDLIB_H
# include <stdlib.h>
# endif
#endif
#ifdef HAVE_STRING_H
# include <string.h>
#else
# ifdef HAVE_STRINGS_H
# include <strings.h>
# endif
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
#include <pwd.h>
#include <signal.h>
#include <time.h>
#include <errno.h>
#include "sudo.h"
#ifndef lint
static const char rcsid[] = "$Sudo: logging.c,v 1.153 2002/01/16 21:28:25 millert Exp $";
#endif
static void do_syslog __P((int, char *));
static void do_logfile __P((char *));
static void send_mail __P((char *));
static void mail_auth __P((int, char *));
static char *get_timestr __P((void));
static void mysyslog __P((int, const char *, ...));
#define MAXSYSLOGTRIES 16
static void
#ifdef __STDC__
mysyslog(int pri, const char *fmt, ...)
#else
mysyslog(pri, fmt, va_alist)
int pri;
const char *fmt;
va_dcl
#endif
{
#ifdef BROKEN_SYSLOG
int i;
#endif
char buf[MAXSYSLOGLEN+1];
va_list ap;
#ifdef __STDC__
va_start(ap, fmt);
#else
va_start(ap);
#endif
#ifdef LOG_NFACILITIES
openlog(Argv[0], 0, def_ival(I_LOGFAC));
#else
openlog(Argv[0], 0);
#endif
vsnprintf(buf, sizeof(buf), fmt, ap);
#ifdef BROKEN_SYSLOG
for (i = 0; i < MAXSYSLOGTRIES; i++)
if (syslog(pri, "%s", buf) == 0)
break;
#else
syslog(pri, "%s", buf);
#endif
va_end(ap);
closelog();
}
static void
do_syslog(pri, msg)
int pri;
char *msg;
{
int count;
char *p;
char *tmp;
char save;
for (p = msg, count = 0; *p && count < strlen(msg) / MAXSYSLOGLEN + 1;
count++) {
if (strlen(p) > MAXSYSLOGLEN) {
for (tmp = p + MAXSYSLOGLEN; tmp > p && *tmp != ' '; tmp--)
;
if (tmp <= p)
tmp = p + MAXSYSLOGLEN;
save = *tmp;
*tmp = '\0';
if (count == 0)
mysyslog(pri, "%8.8s : %s", user_name, p);
else
mysyslog(pri, "%8.8s : (command continued) %s", user_name, p);
*tmp = save;
for (p = tmp; *p != ' ' && *p !='\0'; p++)
;
} else {
if (count == 0)
mysyslog(pri, "%8.8s : %s", user_name, p);
else
mysyslog(pri, "%8.8s : (command continued) %s", user_name, p);
}
}
}
static void
do_logfile(msg)
char *msg;
{
char *full_line;
char *beg, *oldend, *end;
FILE *fp;
mode_t oldmask;
int maxlen = def_ival(I_LOGLINELEN);
oldmask = umask(077);
fp = fopen(def_str(I_LOGFILE), "a");
(void) umask(oldmask);
if (fp == NULL) {
easprintf(&full_line, "Can't open log file: %s: %s",
def_str(I_LOGFILE), strerror(errno));
send_mail(full_line);
free(full_line);
} else if (!lock_file(fileno(fp), SUDO_LOCK)) {
easprintf(&full_line, "Can't lock log file: %s: %s",
def_str(I_LOGFILE), strerror(errno));
send_mail(full_line);
free(full_line);
} else {
if (def_ival(I_LOGLINELEN) == 0) {
if (def_flag(I_LOG_HOST))
(void) fprintf(fp, "%s : %s : HOST=%s : %s\n", get_timestr(),
user_name, user_shost, msg);
else
(void) fprintf(fp, "%s : %s : %s\n", get_timestr(),
user_name, msg);
} else {
if (def_flag(I_LOG_HOST))
easprintf(&full_line, "%s : %s : HOST=%s : %s", get_timestr(),
user_name, user_shost, msg);
else
easprintf(&full_line, "%s : %s : %s", get_timestr(),
user_name, msg);
beg = end = full_line;
while (beg) {
oldend = end;
end = strchr(oldend, ' ');
if (maxlen > 0 && end) {
*end = '\0';
if (strlen(beg) > maxlen) {
if (beg == (char *)full_line)
maxlen -= 4;
*end = ' ';
if (oldend != beg) {
end = oldend-1;
while (*end == ' ')
--end;
*(++end) = '\0';
(void) fprintf(fp, "%s\n ", beg);
*end = ' ';
} else {
(void) fprintf(fp, "%s\n ", beg);
}
beg = end;
while (*beg == ' ')
++beg;
} else {
*end = ' ';
}
while (*end == ' ')
++end;
} else {
(void) fprintf(fp, "%s\n", beg);
beg = NULL;
}
}
free(full_line);
}
(void) fflush(fp);
(void) lock_file(fileno(fp), SUDO_UNLOCK);
(void) fclose(fp);
}
}
void
log_auth(status, inform_user)
int status;
int inform_user;
{
char *message;
char *logline;
int pri;
if (status & VALIDATE_OK)
pri = def_ival(I_GOODPRI);
else
pri = def_ival(I_BADPRI);
if (status & VALIDATE_OK)
message = "";
else if (status & FLAG_NO_USER)
message = "user NOT in sudoers ; ";
else if (status & FLAG_NO_HOST)
message = "user NOT authorized on host ; ";
else if (status & VALIDATE_NOT_OK)
message = "command not allowed ; ";
else
message = "unknown error ; ";
easprintf(&logline, "%sTTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s%s%s",
message, user_tty, user_cwd, *user_runas, user_cmnd,
user_args ? " " : "", user_args ? user_args : "");
mail_auth(status, logline);
if (inform_user && (status & VALIDATE_NOT_OK)) {
if (status & FLAG_NO_USER)
(void) fprintf(stderr, "%s is not in the sudoers file. %s",
user_name, "This incident will be reported.\n");
else if (status & FLAG_NO_HOST)
(void) fprintf(stderr, "%s is not allowed to run sudo on %s. %s",
user_name, user_shost, "This incident will be reported.\n");
else if (status & FLAG_NO_CHECK)
(void) fprintf(stderr, "Sorry, user %s may not run sudo on %s.\n",
user_name, user_shost);
else
(void) fprintf(stderr,
"Sorry, user %s is not allowed to execute '%s%s%s' as %s on %s.\n",
user_name, user_cmnd, user_args ? " " : "",
user_args ? user_args : "", *user_runas, user_host);
}
if (def_str(I_SYSLOG))
do_syslog(pri, logline);
if (def_str(I_LOGFILE))
do_logfile(logline);
free(logline);
}
void
#ifdef __STDC__
log_error(int flags, const char *fmt, ...)
#else
log_error(va_alist)
va_dcl
#endif
{
int serrno = errno;
char *message;
char *logline;
va_list ap;
#ifdef __STDC__
va_start(ap, fmt);
#else
int flags;
const char *fmt;
va_start(ap);
flags = va_arg(ap, int);
fmt = va_arg(ap, const char *);
#endif
if (geteuid() != 0)
set_perms(PERM_ROOT, 0);
evasprintf(&message, fmt, ap);
va_end(ap);
if (flags & MSG_ONLY)
logline = message;
else if (flags & USE_ERRNO) {
if (user_args) {
easprintf(&logline,
"%s: %s ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s %s",
message, strerror(serrno), user_tty, user_cwd, *user_runas,
user_cmnd, user_args);
} else {
easprintf(&logline,
"%s: %s ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s", message,
strerror(serrno), user_tty, user_cwd, *user_runas, user_cmnd);
}
} else {
if (user_args) {
easprintf(&logline,
"%s ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s %s", message,
user_tty, user_cwd, *user_runas, user_cmnd, user_args);
} else {
easprintf(&logline,
"%s ; TTY=%s ; PWD=%s ; USER=%s ; COMMAND=%s", message,
user_tty, user_cwd, *user_runas, user_cmnd);
}
}
(void) fprintf(stderr, "%s: %s", Argv[0], message);
if (flags & USE_ERRNO)
(void) fprintf(stderr, ": %s", strerror(serrno));
(void) fputc('\n', stderr);
if (!(flags & NO_MAIL))
send_mail(logline);
if (def_str(I_SYSLOG))
do_syslog(def_ival(I_BADPRI), logline);
if (def_str(I_LOGFILE))
do_logfile(logline);
free(message);
if (logline != message)
free(logline);
if (!(flags & NO_EXIT))
exit(1);
}
#define MAX_MAILFLAGS 63
static void
send_mail(line)
char *line;
{
FILE *mail;
char *p;
int pfd[2], pid, status;
sigset_t set, oset;
#ifndef NO_ROOT_MAILER
static char *root_envp[] = {
"HOME=/",
"PATH=/usr/bin:/bin",
"LOGNAME=root",
"USER=root",
NULL
};
#endif
if (!def_str(I_MAILERPATH) || !def_str(I_MAILTO))
return;
(void) sigemptyset(&set);
(void) sigaddset(&set, SIGCHLD);
(void) sigprocmask(SIG_BLOCK, &set, &oset);
if (pipe(pfd) == -1) {
(void) fprintf(stderr, "%s: cannot open pipe: %s\n",
Argv[0], strerror(errno));
exit(1);
}
switch (pid = fork()) {
case -1:
(void) fprintf(stderr, "%s: cannot fork: %s\n",
Argv[0], strerror(errno));
exit(1);
break;
case 0:
{
char *argv[MAX_MAILFLAGS + 1];
char *mpath, *mflags;
int i;
if (pfd[0] != STDIN_FILENO) {
(void) dup2(pfd[0], STDIN_FILENO);
(void) close(pfd[0]);
}
(void) close(pfd[1]);
mflags = estrdup(def_str(I_MAILERFLAGS));
mpath = estrdup(def_str(I_MAILERPATH));
if ((argv[0] = strrchr(mpath, ' ')))
argv[0]++;
else
argv[0] = mpath;
i = 1;
if ((p = strtok(mflags, " \t"))) {
do {
argv[i] = p;
} while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t")));
}
argv[i] = NULL;
endpwent();
#ifndef NO_ROOT_MAILER
set_perms(PERM_FULL_ROOT, 0);
execve(mpath, argv, root_envp);
#else
set_perms(PERM_FULL_USER, 0);
execv(mpath, argv);
#endif
_exit(127);
}
break;
}
(void) close(pfd[0]);
mail = fdopen(pfd[1], "w");
(void) fprintf(mail, "To: %s\nFrom: %s\nSubject: ",
def_str(I_MAILTO), user_name);
for (p = def_str(I_MAILSUB); *p; p++) {
if (*p == '%' && *(p+1) != '%') {
switch (*(++p)) {
case 'h':
(void) fputs(user_host, mail);
break;
case 'u':
(void) fputs(user_name, mail);
break;
default:
p--;
break;
}
} else
(void) fputc(*p, mail);
}
(void) fprintf(mail, "\n\n%s : %s : %s : %s\n\n", user_host,
get_timestr(), user_name, line);
fclose(mail);
#ifdef sudo_waitpid
(void) sudo_waitpid(pid, &status, WNOHANG);
#endif
(void) sigprocmask(SIG_SETMASK, &oset, NULL);
}
static void
mail_auth(status, line)
int status;
char *line;
{
int mail_mask;
if (def_flag(I_MAIL_ALWAYS))
mail_mask =
VALIDATE_ERROR|VALIDATE_OK|FLAG_NO_USER|FLAG_NO_HOST|VALIDATE_NOT_OK;
else {
mail_mask = VALIDATE_ERROR;
if (def_flag(I_MAIL_NO_USER))
mail_mask |= FLAG_NO_USER;
if (def_flag(I_MAIL_NO_HOST))
mail_mask |= FLAG_NO_HOST;
if (def_flag(I_MAIL_NO_PERMS))
mail_mask |= VALIDATE_NOT_OK;
}
if ((status & mail_mask) != 0)
send_mail(line);
}
RETSIGTYPE
reapchild(sig)
int sig;
{
int status, serrno = errno;
#ifdef sudo_waitpid
while (sudo_waitpid(-1, &status, WNOHANG) != -1 && errno == EINTR)
;
#else
(void) wait(&status);
#endif
errno = serrno;
}
static char *
get_timestr()
{
char *s;
time_t now = time((time_t) 0);
#ifdef HAVE_STRFTIME
static char buf[128];
struct tm *timeptr;
timeptr = localtime(&now);
if (def_flag(I_LOG_YEAR))
s = "%h %e %T %Y";
else
s = "%h %e %T";
buf[sizeof(buf) - 1] = '\0';
if (strftime(buf, sizeof(buf), s, timeptr) && buf[sizeof(buf) - 1] == '\0')
return(buf);
#endif
s = ctime(&now) + 4;
if (def_flag(I_LOG_YEAR))
s[20] = '\0';
else
s[15] = '\0';
return(s);
}