Bug 475

Summary: sudoreplay cannot list file for customized iolog filename
Product: Sudo Reporter: johnyip
Component: SudoreplayAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high    
Priority: high    
Version: 1.8.0   
Hardware: PC   
OS: Linux   
Attachments: Patch to allow sudoreplay to work with arbitrary iolog_file settings

Description johnyip 2011-03-03 08:32:10 MST 
Hi,

I have used the iolog_file option to rename the filename.
Sudo is able to successfully create the directory with the customized filename. 
However, on sudoreplay -d /var/log/sudo-io/<filename> -l, it cannot display the ID for playback.

I am logging this from home and so do not have access to office to do a screendump. I will try tomorrow.

Thanks and have a nice day.
Comment 1 Todd C. Miller 2011-03-03 09:33:17 MST 
The -d option to sudoreplay corresponds to the iolog_dir option, not iolog_file.  Sudoreplay should probably parse sudoers and read those values itself so you don't need to pass an option.
Comment 2 johnyip 2011-03-03 20:57:23 MST 
Hi,

Thanks for the quick response.
No, seeems not the case. This is how iolog_file is set:

...
# Defaults env_keep += "XDG_SESSION_COOKIE"
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
Defaults log_output
Defaults log_input
Defaults iolog_file=%{hostname}.%y%m%d-%H%M%S.%{user}.%{command}
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
...


[root@sins113045 sudo-io]# pwd
/var/log/sudo-io
[root@sins113045 sudo-io]# ls -l
total 8
drwx------  2 root secgrp 4096 Mar  3 16:14 sins113045.110303-161413.secjyip.bash
drwx------  2 root secgrp 4096 Mar  4 09:15 sins113045.110304-091544.secjyip.ksh
[root@sins113045 sudo-io]#
[root@sins113045 sudo-io]# sudoreplay -V
sudoreplay version 1.8.0
[root@sins113045 sudo-io]# sudoreplay -l
[root@sins113045 sudo-io]# sudoreplay -d /var/log/sudo-io
usage: sudoreplay [-h] [-d directory] [-m max_wait] [-s speed_factor] ID
usage: sudoreplay [-h] [-d directory] -l [search expression]
[root@sins113045 sudo-io]# sudoreplay -d /var/log/sudo-io -l
[root@sins113045 sudo-io]# ls -l sins113045.110304-091544.secjyip.ksh
total 28
-rw-------  1 root secgrp  59 Mar  4 09:15 log
-rw-------  1 root secgrp  20 Mar  4 09:15 stderr
-rw-------  1 root secgrp  20 Mar  4 09:15 stdin
-rw-------  1 root secgrp  20 Mar  4 09:15 stdout
-rw-------  1 root secgrp 283 Mar  4 09:15 timing
-rw-------  1 root secgrp  48 Mar  4 09:15 ttyin
-rw-------  1 root secgrp 408 Mar  4 09:15 ttyout
[root@sins113045 sudo-io]#

Hope the above helps. There seems to be no ID.

Cheers
John




(In reply to comment #1)
> The -d option to sudoreplay corresponds to the iolog_dir option, not
> iolog_file.  Sudoreplay should probably parse sudoers and read those
> values itself so you don't need to pass an option.
Comment 3 Todd C. Miller 2011-03-04 10:44:22 MST 
Currently, sudoreplay does not know about the iolog_file or iolog_dir settings in sudoers, it expects a 6 digit base-36 number.  I'll look into making it more flexible in this regard.
Comment 4 Todd C. Miller 2011-03-04 20:14:10 MST 
Created attachment 306 [details]
Patch to allow sudoreplay to work with arbitrary iolog_file settings

With the attached patch you should be able to see the sessions with "sudoreplay -l" and be able to replay them with, e.g. "sudoreplay sins113045.110304-091544.secjyip.ksh"
Comment 5 Todd C. Miller 2011-03-22 09:46:45 MDT 
This is fixed in 1.8.1 which is currently in beta test, see
http://www.sudo.ws/sudo/devel.html
Comment 6 Todd C. Miller 2011-04-11 08:05:35 MDT 
Fixed in sudo 1.8.1