diff options
Diffstat (limited to 'plugins/sudoers/regress/iolog_path')
-rw-r--r-- | plugins/sudoers/regress/iolog_path/check_iolog_path.c | 215 | ||||
-rw-r--r-- | plugins/sudoers/regress/iolog_path/data | 96 |
2 files changed, 311 insertions, 0 deletions
diff --git a/plugins/sudoers/regress/iolog_path/check_iolog_path.c b/plugins/sudoers/regress/iolog_path/check_iolog_path.c new file mode 100644 index 0000000..69ea767 --- /dev/null +++ b/plugins/sudoers/regress/iolog_path/check_iolog_path.c @@ -0,0 +1,215 @@ +/* + * Copyright (c) 2011-2013 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <config.h> + +#include <sys/types.h> +#include <stdio.h> +#include <stdlib.h> +#ifdef HAVE_STRING_H +# include <string.h> +#endif /* HAVE_STRING_H */ +#ifdef HAVE_STRINGS_H +# include <strings.h> +#endif /* HAVE_STRINGS_H */ +#include <pwd.h> +#include <grp.h> +#include <time.h> + +#define SUDO_ERROR_WRAP 0 + +#include "sudoers.h" +#include "def_data.c" + +struct sudo_user sudo_user; +struct passwd *list_pw; + +static char sessid[7]; + +__dso_public int main(int argc, char *argv[]); + +static void +usage(void) +{ + fprintf(stderr, "usage: %s datafile\n", getprogname()); + exit(1); +} + +static int +do_check(char *dir_in, char *file_in, char *tdir_out, char *tfile_out) +{ + char *path, *slash; + char dir_out[4096], file_out[4096]; + struct tm *timeptr; + time_t now; + int error = 0; + + /* + * Expand any strftime(3) escapes + * XXX - want to pass timeptr to expand_iolog_path + */ + time(&now); + timeptr = localtime(&now); + if (timeptr == NULL) + sudo_fatalx("localtime returned NULL"); + strftime(dir_out, sizeof(dir_out), tdir_out, timeptr); + strftime(file_out, sizeof(file_out), tfile_out, timeptr); + + path = expand_iolog_path(NULL, dir_in, file_in, &slash); + if (path == NULL) + sudo_fatalx("unable to expand I/O log path"); + *slash = '\0'; + if (strcmp(path, dir_out) != 0) { + sudo_warnx("%s: expected %s, got %s", dir_in, dir_out, path); + error = 1; + } + if (strcmp(slash + 1, file_out) != 0) { + sudo_warnx("%s: expected %s, got %s", file_in, file_out, slash + 1); + error = 1; + } + free(path); + + return error; +} + +#define MAX_STATE 12 + +int +main(int argc, char *argv[]) +{ + struct passwd pw, rpw; + size_t len; + FILE *fp; + char line[2048]; + char *file_in = NULL, *file_out = NULL; + char *dir_in = NULL, *dir_out = NULL; + const char *errstr; + int state = 0; + int errors = 0; + int tests = 0; + + initprogname(argc > 0 ? argv[0] : "check_iolog_path"); + + if (argc != 2) + usage(); + + fp = fopen(argv[1], "r"); + if (fp == NULL) + sudo_fatalx("unable to open %s", argv[1]); + + memset(&pw, 0, sizeof(pw)); + memset(&rpw, 0, sizeof(rpw)); + sudo_user.pw = &pw; + sudo_user._runas_pw = &rpw; + + /* + * Input consists of 12 lines: + * sequence number + * user name + * user gid + * runas user name + * runas gid + * hostname [short form] + * command + * dir [with escapes] + * file [with escapes] + * expanded dir + * expanded file + * empty line + */ + while (fgets(line, sizeof(line), fp) != NULL) { + len = strcspn(line, "\n"); + line[len] = '\0'; + + switch (state) { + case 0: + strlcpy(sessid, line, sizeof(sessid)); + break; + case 1: + if (user_name != NULL) + free(user_name); + user_name = strdup(line); + break; + case 2: + user_gid = (gid_t)sudo_strtoid(line, NULL, NULL, &errstr); + if (errstr != NULL) + sudo_fatalx("group ID %s: %s", line, errstr); + break; + case 3: + if (runas_pw->pw_name != NULL) + free(runas_pw->pw_name); + runas_pw->pw_name = strdup(line); + break; + case 4: + runas_pw->pw_gid = (gid_t)sudo_strtoid(line, NULL, NULL, &errstr); + if (errstr != NULL) + sudo_fatalx("group ID %s: %s", line, errstr); + break; + case 5: + if (user_shost != NULL) + free(user_shost); + user_shost = strdup(line); + break; + case 6: + if (user_base != NULL) + free(user_base); + user_base = strdup(line); + break; + case 7: + if (dir_in != NULL) + free(dir_in); + dir_in = strdup(line); + break; + case 8: + if (file_in != NULL) + free(file_in); + file_in = strdup(line); + break; + case 9: + if (dir_out != NULL) + free(dir_out); + dir_out = strdup(line); + break; + case 10: + if (file_out != NULL) + free(file_out); + file_out = strdup(line); + break; + case 11: + errors += do_check(dir_in, file_in, dir_out, file_out); + tests++; + break; + default: + sudo_fatalx("internal error, invalid state %d", state); + } + state = (state + 1) % MAX_STATE; + } + + if (tests != 0) { + printf("iolog_path: %d test%s run, %d errors, %d%% success rate\n", + tests, tests == 1 ? "" : "s", errors, + (tests - errors) * 100 / tests); + } + + exit(errors); +} + +bool +io_nextid(char *iolog_dir, char *fallback, char id[7]) +{ + memcpy(id, sessid, sizeof(sessid)); + return true; +} diff --git a/plugins/sudoers/regress/iolog_path/data b/plugins/sudoers/regress/iolog_path/data new file mode 100644 index 0000000..dcc3942 --- /dev/null +++ b/plugins/sudoers/regress/iolog_path/data @@ -0,0 +1,96 @@ +000001 +nobody +1 +root +0 +somehost +id +/var/log/sudo-io +%%{bogus} +/var/log/sudo-io +%%{bogus} + +000001 +nobody +1 +root +0 +somehost +id +/var/log/sudo-io +%%{seq} +/var/log/sudo-io +%%{seq} + +000001 +nobody +1 +root +0 +somehost +id +/var/log/sudo-io +%{seq} +/var/log/sudo-io +00/00/01 + +000001 +nobody +1 +root +0 +somehost +id +/var/log/sudo-io/%{user} +%{seq} +/var/log/sudo-io/nobody +00/00/01 + +000001 +nobody +1 +root +0 +somehost +su +/var/log/sudo-io/%{user}/%{runas_user} +%{command}_%Y%m%s_%H%M +/var/log/sudo-io/nobody/root +su_%Y%m%s_%H%M + +000001 +nobody +1 +root +0 +somehost +su +/var/log/sudo-io/ +/%{user}/%{runas_user}/%{command}_%Y%m%s_%H%M +/var/log/sudo-io +nobody/root/su_%Y%m%s_%H%M + +000001 +nobody +1 +root +0 +somehost +su +/var/log/sudo-io/%d%m%Y +%{user}/%{runas_user}/%{command} +/var/log/sudo-io/%d%m%Y +nobody/root/su + +000001 +nobody +1 +root +0 +somehost +su +//////// +%{user}/%{runas_user}/%{command} +/ +nobody/root/su + |