Bug 572

Summary: sudoreplay -l does not list sessions
Product: Sudo
Reporter: Juergen Sprenger <juergen.sprenger>
Component: Sudoreplay
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: low    
Version: 1.8.6   
Hardware: PC   
OS: Linux   
Attachments: Diff to check for DT_UNKNOWN in d_type

Description Juergen Sprenger 2012-09-17 09:05:01 MDT
When entering 'sudoreplay -l' nothing will be displayed.

However, session logs can still be replayed if the session ID is known.

OS is Gentoo, kernel 3.4.9.
Comment 1 Todd C. Miller 2012-09-17 09:28:45 MDT
Do you have either iolog_dir or iolog_file set in sudoers?
Comment 2 Juergen Sprenger 2012-09-17 09:57:43 MDT
No, I don't have that option set in /etc/sudoers:

Defaults log_output
Defaults!/usr/bin/sudoreplay !log_output
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL

Version 1.8.3p2 was ok, see snippets from traces below.

strace from sudoreplay version 1.8.6p1:

openat(AT_FDCWD, "/var/log/sudo-io", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
getdents(3, /* 4 entries */, 32768)     = 96
getdents(3, /* 0 entries */, 32768)     = 0
close(3)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

strace from sudoreplay version 1.8.3p2:

openat(AT_FDCWD, "/var/log/sudo-io", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
getdents(3, /* 4 entries */, 32768)     = 96
lstat("/var/log/sudo-io/seq/log", 0x7fff6b4dbf30) = -1 ENOTDIR (Not a directory)
lstat("/var/log/sudo-io/seq", {st_mode=S_IFREG|0600, st_size=7, ...}) = 0
lstat("/var/log/sudo-io/00/log", 0x7fff6b4dbf30) = -1 ENOENT (No such file or directory)
lstat("/var/log/sudo-io/00", {st_mode=S_IFDIR|0700, st_size=15, ...}) = 0
openat(AT_FDCWD, "/var/log/sudo-io/00", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 4
... (continued)
Comment 3 Todd C. Miller 2012-09-17 11:21:45 MDT
Starting in sudo 1.8.5, sudoreplay will read all the potential I/O log directories and sort them in -l mode.  That's why you see the two getdents calls.  Based on the second trace it looks like nothing is being added to the sessions list.

Can you check whether /usr/include/bits/dirent.h defines _DIRENT_HAVE_D_TYPE?  You might also try commenting out the:

#define HAVE_STRUCT_DIRENT_D_TYPE 1

in config.h and see if the resulting sudoreplay has the same problem.
Comment 4 Todd C. Miller 2012-09-17 13:22:08 MDT
Created attachment 356
Diff to check for DT_UNKNOWN in d_type

I believe the attached patch will fix the problem.
Comment 5 Juergen Sprenger 2012-09-18 02:12:44 MDT
Patch applied, problem is fixed.

Thank you very much for the quick response and solution.
Comment 6 Todd C. Miller 2012-09-18 14:47:54 MDT
Sudo 1.8.6p3 is available now and includes the patch.
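
The attached diff is not reproduced on this page. The following is an added example, not sudo's code and not part of the thread, of the general pattern its title names: trusting `d_type` from `readdir()` only when it is not `DT_UNKNOWN`, and falling back to `lstat()` otherwise. The names `entry_is_dir`, `count_subdirs` and `force_unknown` are hypothetical.

```c
#define _DEFAULT_SOURCE 1      /* exposes d_type and DT_* on glibc */
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: is dir/name a directory?  DT_UNKNOWN means the
 * filesystem gave no answer, so ask lstat() instead of skipping the entry. */
static int entry_is_dir(const char *dir, const char *name, unsigned char d_type)
{
    char path[4096];
    struct stat sb;
    int len;

    if (d_type != DT_UNKNOWN)
        return d_type == DT_DIR;
    len = snprintf(path, sizeof(path), "%s/%s", dir, name);
    if (len < 0 || len >= (int)sizeof(path))
        return 0;                       /* path too long: not usable */
    return lstat(path, &sb) == 0 && S_ISDIR(sb.st_mode);
}

/* Count subdirectories of dir; returns -1 if dir cannot be opened.
 * force_unknown != 0 simulates a filesystem that never fills in d_type. */
static int count_subdirs(const char *dir, int force_unknown)
{
    DIR *d = opendir(dir);
    struct dirent *dp;
    int n = 0;

    if (d == NULL)
        return -1;
    while ((dp = readdir(d)) != NULL) {
        if (strcmp(dp->d_name, ".") == 0 || strcmp(dp->d_name, "..") == 0)
            continue;
        n += entry_is_dir(dir, dp->d_name,
                          force_unknown ? DT_UNKNOWN : dp->d_type);
    }
    closedir(d);
    return n;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    printf("%s: %d subdirectories\n", dir, count_subdirs(dir, 0));
    return EXIT_SUCCESS;
}
```

A scanner that compares `d_type` against `DT_DIR` without this fallback silently treats every entry as a non-directory on filesystems that return `DT_UNKNOWN`, which produces an empty listing rather than an error.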