1 /* 2 * SPDX-License-Identifier: ISC 3 * 4 * Copyright (c) 2020-2021 Todd C. Miller <Todd.Miller@sudo.ws> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #ifndef SUDO_EVENTLOG_H 20 #define SUDO_EVENTLOG_H 21 22 #include <sys/types.h> /* for gid_t, uid_t */ 23 #include <time.h> /* for struct timespec */ 24 #ifdef HAVE_STDBOOL_H 25 # include <stdbool.h> 26 #else 27 # include "compat/stdbool.h" 28 #endif /* HAVE_STDBOOL_H */ 29 30 /* Supported event types. */ 31 enum event_type { 32 EVLOG_ACCEPT, 33 EVLOG_REJECT, 34 EVLOG_EXIT, 35 EVLOG_ALERT 36 }; 37 38 /* Supported eventlog types (bitmask). */ 39 #define EVLOG_NONE 0x00 40 #define EVLOG_SYSLOG 0x01 41 #define EVLOG_FILE 0x02 42 43 /* Supported eventlog formats. */ 44 enum eventlog_format { 45 EVLOG_SUDO, 46 EVLOG_JSON 47 }; 48 49 /* Eventlog flag values. */ 50 #define EVLOG_RAW 0x01 51 #define EVLOG_MAIL 0x02 52 #define EVLOG_MAIL_ONLY 0x04 53 54 /* 55 * Maximum number of characters to log per entry. The syslogger 56 * will log this much, after that, it truncates the log line. 57 * We need this here to make sure that we continue with another 58 * syslog(3) call if the internal buffer is more than 1023 characters. 59 */ 60 #ifndef MAXSYSLOGLEN 61 # define MAXSYSLOGLEN 960 62 #endif 63 64 /* 65 * Indentation level for file-based logs when word wrap is enabled. 66 */ 67 #define EVENTLOG_INDENT " " 68 69 /* 70 * Event log config, used with eventlog_getconf() 71 */ 72 struct eventlog_config { 73 int type; 74 enum eventlog_format format; 75 int syslog_acceptpri; 76 int syslog_rejectpri; 77 int syslog_alertpri; 78 int syslog_maxlen; 79 int file_maxlen; 80 uid_t mailuid; 81 bool omit_hostname; 82 const char *logpath; 83 const char *time_fmt; 84 const char *mailerpath; 85 const char *mailerflags; 86 const char *mailfrom; 87 const char *mailto; 88 const char *mailsub; 89 FILE *(*open_log)(int type, const char *); 90 void (*close_log)(int type, FILE *); 91 }; 92 93 /* 94 * Info present in the eventlog file, regardless of format. 95 */ 96 struct eventlog { 97 char *iolog_path; 98 const char *iolog_file; /* substring of iolog_path, do not free */ 99 char *command; 100 char *cwd; 101 char *runchroot; 102 char *runcwd; 103 char *rungroup; 104 char *runuser; 105 char *peeraddr; 106 char *submithost; 107 char *submituser; 108 char *submitgroup; 109 char *ttyname; 110 char **argv; 111 char **env_add; 112 char **envp; 113 struct timespec submit_time; 114 struct timespec iolog_offset; 115 int lines; 116 int columns; 117 uid_t runuid; 118 gid_t rungid; 119 char sessid[7]; 120 char uuid_str[37]; 121 }; 122 123 /* Callback from eventlog code to write log info */ 124 struct json_container; 125 typedef bool (*eventlog_json_callback_t)(struct json_container *, void *); 126 127 bool eventlog_accept(const struct eventlog *evlog, int flags, eventlog_json_callback_t info_cb, void *info); 128 bool eventlog_exit(const struct eventlog *evlog, int flags, struct timespec *run_time, int exit_value, const char *signal_name, bool core_dumped); 129 bool eventlog_alert(const struct eventlog *evlog, int flags, struct timespec *alert_time, const char *reason, const char *errstr); 130 bool eventlog_reject(const struct eventlog *evlog, int flags, const char *reason, eventlog_json_callback_t info_cb, void *info); 131 bool eventlog_store_json(struct json_container *json, const struct eventlog *evlog); 132 size_t eventlog_writeln(FILE *fp, char *line, size_t len, size_t maxlen); 133 void eventlog_free(struct eventlog *evlog); 134 void eventlog_set_type(int type); 135 void eventlog_set_format(enum eventlog_format format); 136 void eventlog_set_syslog_acceptpri(int pri); 137 void eventlog_set_syslog_rejectpri(int pri); 138 void eventlog_set_syslog_alertpri(int pri); 139 void eventlog_set_syslog_maxlen(int len); 140 void eventlog_set_file_maxlen(int len); 141 void eventlog_set_mailuid(uid_t uid); 142 void eventlog_set_omit_hostname(bool omit_hostname); 143 void eventlog_set_logpath(const char *path); 144 void eventlog_set_time_fmt(const char *fmt); 145 void eventlog_set_mailerpath(const char *path); 146 void eventlog_set_mailerflags(const char *mflags); 147 void eventlog_set_mailfrom(const char *from_addr); 148 void eventlog_set_mailto(const char *to_addr); 149 void eventlog_set_mailsub(const char *subject); 150 void eventlog_set_open_log(FILE *(*fn)(int type, const char *)); 151 void eventlog_set_close_log(void (*fn)(int type, FILE *)); 152 const struct eventlog_config *eventlog_getconf(void); 153 154 #endif /* SUDO_EVENTLOG_H */ 155