GitHub Repository: sudo-project/sudo
Path: blob/main/include/sudo_eventlog.h
/*
* SPDX-License-Identifier: ISC
*
* Copyright (c) 2020-2021 Todd C. Miller <[email protected]>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#ifndef SUDO_EVENTLOG_H
#define SUDO_EVENTLOG_H
#include <sys/types.h> /* for gid_t, uid_t */
#include <time.h> /* for struct timespec */
#ifdef HAVE_STDBOOL_H
# include <stdbool.h>
#else
# include <compat/stdbool.h>
#endif /* HAVE_STDBOOL_H */
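/*
 * Supported event types.
 *
 * No enumerator has an explicit value, so they number from 0 in
 * declaration order (EVLOG_ACCEPT == 0 ... EVLOG_ALERT == 3).
 * eventlog_store_sudo() takes its event type as a plain int, presumably
 * one of these values, so a value outside this range is not rejected by
 * the type system -- confirm how eventlog.c handles that.
 * Append new types at the end so existing numeric values stay stable.
 */
enum event_type {
    EVLOG_ACCEPT,
    EVLOG_REJECT,
    EVLOG_EXIT,
    EVLOG_ALERT
};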
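/*
 * Supported eventlog types (bitmask).
 *
 * EVLOG_SYSLOG and EVLOG_FILE are separate bits and can be OR'ed together;
 * EVLOG_NONE has no bit set.
 * NOTE(review): presumably this is what eventlog_config.type and
 * eventlog_set_type() carry.  If the type ends up as EVLOG_NONE no log
 * destination is selected, which for an audit trail deserves an explicit
 * check where the configuration is loaded -- confirm in eventlog_conf.c.
 */
#define EVLOG_NONE      0x00
#define EVLOG_SYSLOG    0x01
#define EVLOG_FILE      0x02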
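/*
 * Supported eventlog formats.
 *
 * Values number from 0 in declaration order.  The format is held in
 * eventlog_config.format and set through eventlog_set_format().
 * The names suggest the traditional sudo log line and two JSON layouts;
 * the actual output is produced elsewhere (eventlog.c) and is not visible
 * in this header.
 */
enum eventlog_format {
    EVLOG_SUDO,
    EVLOG_JSON_COMPACT,
    EVLOG_JSON_PRETTY
};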
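/*
 * Eventlog flag values.
 *
 * Each flag is a distinct bit; presumably they are OR'ed into the "flags"
 * argument of eventlog_accept(), eventlog_reject(), eventlog_alert(),
 * eventlog_exit() and eventlog_mail().
 * Note that EVLOG_MAIL_ONLY means the event is mailed and not logged
 * anywhere else, so the mail is then the only record of that event.
 */
#define EVLOG_RAW       0x01    /* only include message and errstr */
#define EVLOG_MAIL      0x02    /* mail the log message too */
#define EVLOG_MAIL_ONLY 0x04    /* only mail the message, no other logging */
#define EVLOG_CWD       0x08    /* log cwd if no runcwd and use CWD, not PWD */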
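/*
 * Maximum number of characters to log per entry.  The syslogger
 * will log this much, after that, it truncates the log line.
 * We need this here to make sure that we continue with another
 * syslog(3) call if the internal buffer is more than 1023 characters.
 *
 * The #ifndef guard lets the build supply a different value.
 * Because a long entry is continued in a further syslog(3) call rather
 * than sent as one line, whatever consumes these logs has to reassemble
 * the continuation lines to see the complete entry (for example a long
 * command line).
 * NOTE(review): eventlog_config.syslog_maxlen is presumably the run-time
 * counterpart of this compile-time default -- confirm in eventlog_conf.c.
 */
#ifndef MAXSYSLOGLEN
# define MAXSYSLOGLEN   960
#endif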
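/*
 * Indentation level for file-based logs when word wrap is enabled.
 *
 * NOTE(review): this listing went through a page renderer that may have
 * collapsed runs of whitespace; check the literal against the project's
 * own copy of this header before relying on its length.
 */
#define EVENTLOG_INDENT " "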
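/*
 * Event log config, used with eventlog_getconf()
 *
 * eventlog_getconf() hands this out as a pointer to const, so callers get
 * a read-only view; each member has a matching eventlog_set_*() setter
 * declared in this header.
 *
 * This header uses FILE but does not include <stdio.h> itself, so
 * <stdio.h> must already be included wherever this header is used.
 *
 * Review notes for whoever fills this in:
 *  - mailerpath and mailerflags name a program and its arguments, and
 *    mailuid/mailgid are set together via eventlog_set_mailuser();
 *    presumably they are the identity the mailer runs as -- confirm in
 *    eventlog.c.  These values should only ever come from trusted
 *    configuration.
 *  - The string members are "const char *"; whether the setters copy the
 *    string or keep the caller's pointer is not visible here.
 */
struct eventlog_config {
    int type;                           /* presumably EVLOG_SYSLOG | EVLOG_FILE bitmask -- confirm */
    enum eventlog_format format;        /* output format */
    size_t file_maxlen;                 /* set by eventlog_set_file_maxlen() */
    size_t syslog_maxlen;               /* set by eventlog_set_syslog_maxlen() */
    int syslog_acceptpri;               /* syslog priorities, one per event kind */
    int syslog_rejectpri;
    int syslog_alertpri;
    uid_t mailuid;                      /* set together with mailgid */
    gid_t mailgid;
    bool omit_hostname;
    const char *logpath;                /* set by eventlog_set_logpath() */
    const char *time_fmt;               /* looks like a time format string -- confirm which API consumes it */
    const char *mailerpath;             /* mailer program */
    const char *mailerflags;            /* mailer arguments */
    const char *mailfrom;
    const char *mailto;
    const char *mailsub;
    FILE *(*open_log)(int type, const char *);  /* caller-supplied hook that opens a log stream */
    void (*close_log)(int type, FILE *);        /* caller-supplied hook that closes it */
};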
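/*
 * Info present in the eventlog file, regardless of format.
 *
 * Ownership: iolog_file points into iolog_path and must not be freed on
 * its own; it stops being valid as soon as iolog_path is freed or
 * replaced.  The other "char *" and "char **" members are non-const,
 * presumably heap-allocated and released by eventlog_free_contents() /
 * eventlog_free() -- confirm in eventlog.c before freeing them by hand.
 *
 * Review notes:
 *  - Members such as command, runargv, the environment vectors, cwd and
 *    ttyname presumably carry values that originate with the invoking
 *    user.  Whatever renders them into a log line or a mail message is
 *    responsible for escaping control characters; that code is not part
 *    of this header.
 *  - sessid and uuid_str are fixed-size buffers.  37 bytes fits a
 *    36-character UUID string plus the terminating NUL; 7 bytes fits a
 *    6-character ID plus NUL (presumed layout -- confirm).  Any writer
 *    must bound its copy to sizeof the member and NUL-terminate.
 */
struct eventlog {
    char *iolog_path;
    const char *iolog_file;     /* substring of iolog_path, do not free */
    char *command;
    char *cwd;
    char *runchroot;
    char *runcwd;
    char *rungroup;
    char *runuser;
    char *peeraddr;
    char *signal_name;
    char *source;
    char *submithost;
    char *submituser;
    char *submitgroup;
    char **submitenv;
    char *ttyname;
    char **runargv;
    char **runenv;
    char **env_add;
    struct timespec event_time;
    struct timespec iolog_offset;
    struct timespec run_time;
    int exit_value;
    int lines;
    int columns;
    uid_t runuid;
    gid_t rungid;
    bool dumped_core;
    char sessid[7];             /* fixed size: bound every write to sizeof(sessid) */
    char uuid_str[37];          /* fixed size: bound every write to sizeof(uuid_str) */
};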
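/*
 * Callback from eventlog code to write log info.
 *
 * The callback receives a JSON container and an opaque pointer and
 * returns a bool.  The opaque pointer is presumably the "info" argument
 * given to eventlog_accept() / eventlog_reject() alongside the callback;
 * the callback must cast it back to the type the caller really passed.
 * NOTE(review): a false return presumably signals failure -- confirm how
 * eventlog.c reacts to it.
 *
 * Both structs are only forward-declared here; their definitions live in
 * other headers.
 */
struct json_container;
struct sudo_lbuf;
typedef bool (*eventlog_json_callback_t)(struct json_container *, void *);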
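/*
 * eventlog.c
 *
 * Every logging entry point returns bool.  NOTE(review): presumably true
 * means the event was recorded; on an audit path callers should check the
 * result rather than discard it, since a false return would mean the event
 * may be missing from the log -- confirm the exact meaning in eventlog.c.
 *
 * "flags" is presumably a bitwise OR of the EVLOG_RAW / EVLOG_MAIL /
 * EVLOG_MAIL_ONLY / EVLOG_CWD values defined in this header.
 * "info_cb" and "info" are a callback and the opaque pointer handed to it.
 * "reason" and "errstr" are taken as const strings; any escaping of their
 * content happens (or not) inside eventlog.c.
 */
bool eventlog_accept(const struct eventlog *evlog, int flags,
    eventlog_json_callback_t info_cb, void *info);
bool eventlog_exit(const struct eventlog *evlog, int flags);
bool eventlog_alert(const struct eventlog *evlog, int flags,
    struct timespec *alert_time, const char *reason, const char *errstr);
bool eventlog_mail(const struct eventlog *evlog, int flags,
    struct timespec *event_time, const char *reason, const char *errstr,
    char * const extra[]);
bool eventlog_reject(const struct eventlog *evlog, int flags,
    const char *reason, eventlog_json_callback_t info_cb, void *info);

/* Serialize evlog into a JSON container / a sudo_lbuf (one per format family). */
bool eventlog_store_json(struct json_container *jsonc,
    const struct eventlog *evlog);
bool eventlog_store_sudo(int event_type, const struct eventlog *evlog,
    struct sudo_lbuf *lbuf);

/*
 * Release an eventlog.  NOTE(review): by their names,
 * eventlog_free_contents() releases the members only and eventlog_free()
 * also releases the struct itself -- confirm before using either on a
 * stack-allocated or embedded struct eventlog.
 */
void eventlog_free(struct eventlog *evlog);
void eventlog_free_contents(struct eventlog *evlog);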
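/*
 * eventlog_conf.c
 *
 * One setter per member of struct eventlog_config, plus the accessor that
 * returns the configuration as a pointer to const.
 *
 * Review notes:
 *  - The setters return void, so a rejected or failed update cannot be
 *    reported to the caller through this interface.
 *  - The string setters take "const char *".  Whether the value is copied
 *    or the pointer is kept is not visible here; until that is confirmed,
 *    keep the string alive for as long as logging may use it.
 *  - eventlog_set_mailerpath() / eventlog_set_mailerflags() choose the
 *    program used to send mail and eventlog_set_logpath() the log file
 *    location; feed them from trusted configuration only.
 */
void eventlog_set_type(int type);
void eventlog_set_format(enum eventlog_format format);
void eventlog_set_syslog_acceptpri(int pri);
void eventlog_set_syslog_rejectpri(int pri);
void eventlog_set_syslog_alertpri(int pri);
void eventlog_set_syslog_maxlen(size_t len);
void eventlog_set_file_maxlen(size_t len);
void eventlog_set_mailuser(uid_t uid, gid_t gid);
void eventlog_set_omit_hostname(bool omit_hostname);
void eventlog_set_logpath(const char *path);
void eventlog_set_time_fmt(const char *fmt);
void eventlog_set_mailerpath(const char *path);
void eventlog_set_mailerflags(const char *mflags);
void eventlog_set_mailfrom(const char *from_addr);
void eventlog_set_mailto(const char *to_addr);
void eventlog_set_mailsub(const char *subject);
/* Install the hooks stored in eventlog_config.open_log / close_log. */
void eventlog_set_open_log(FILE *(*fn)(int type, const char *));
void eventlog_set_close_log(void (*fn)(int type, FILE *));
const struct eventlog_config *eventlog_getconf(void);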
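/*
 * logwrap.c
 *
 * Write a log line to fp; "len" and "maxlen" are byte counts and the
 * return value is a size_t.
 * NOTE(review): "line" is a non-const char *, so the function may modify
 * the caller's buffer while wrapping -- do not pass a string literal or a
 * buffer that is still needed unchanged until this is confirmed in
 * logwrap.c.  The meaning of the return value is also defined there.
 */
size_t eventlog_writeln(FILE *fp, char *line, size_t len, size_t maxlen);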
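/*
 * parse_json.c
 *
 * struct eventlog_json_object is opaque to users of this header: it is
 * obtained from eventlog_json_read(), passed to eventlog_json_parse() to
 * fill in a struct eventlog, and released with eventlog_json_free().
 *
 * Review notes:
 *  - eventlog_json_read() returns a pointer; presumably NULL on a read or
 *    parse failure, so check it before use -- confirm in parse_json.c.
 *  - The file content is input to a parser.  If the log file can be
 *    written by anyone other than the logger itself, treat it as
 *    untrusted and check the bool result of eventlog_json_parse() before
 *    using any field of evlog.
 *  - Whether eventlog_json_parse() leaves evlog partially filled on
 *    failure is not visible here.
 */
struct eventlog_json_object;
struct eventlog_json_object *eventlog_json_read(FILE *fp, const char *filename);
bool eventlog_json_parse(struct eventlog_json_object *object, struct eventlog *evlog);
void eventlog_json_free(struct eventlog_json_object *root);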
#endif /* SUDO_EVENTLOG_H */