Bug 572 – sudoreplay -l does not list sessions

Bug 572 - sudoreplay -l does not list sessions


Summary:	sudoreplay -l does not list sessions

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudoreplay
Version:	1.8.6
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-09-17 09:05 MDT by Juergen Sprenger
Modified:	2012-09-18 14:47 MDT (History)
CC List:	0 users

See Also:

Attachments
Diff to check for DT_UNKNOWN in d_type (1.26 KB, patch) 2012-09-17 13:22 MDT, Todd C. Miller	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Juergen Sprenger 2012-09-17 09:05:01 MDT

When entering 'sudoreplay -l' nothing will be displayed.

However session-logs can still be replayed if session-id is known.

OS is Gentoo, kernel 3.4.9.

Comment 1 Todd C. Miller 2012-09-17 09:28:45 MDT

Do you have either iolog_dir or iolog_file set in sudoers?

Comment 2 Juergen Sprenger 2012-09-17 09:57:43 MDT

No, I don't have that option set in /etc/sudoers:

Defaults log_output
Defaults!/usr/bin/sudoreplay !log_output
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL

Version 1.8.3p2 was ok, see snippets from traces below.

strace from sudoreplay version 1.8.6p1:

openat(AT_FDCWD, "/var/log/sudo-io", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
getdents(3, /* 4 entries */, 32768)     = 96
getdents(3, /* 0 entries */, 32768)     = 0
close(3)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

strace from sudoreplay version 1.8.3p2:

openat(AT_FDCWD, "/var/log/sudo-io", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
fcntl(3, F_GETFD)                       = 0x1 (flags FD_CLOEXEC)
getdents(3, /* 4 entries */, 32768)     = 96
lstat("/var/log/sudo-io/seq/log", 0x7fff6b4dbf30) = -1 ENOTDIR (Not a directory)
lstat("/var/log/sudo-io/seq", {st_mode=S_IFREG|0600, st_size=7, ...}) = 0
lstat("/var/log/sudo-io/00/log", 0x7fff6b4dbf30) = -1 ENOENT (No such file or directory)
lstat("/var/log/sudo-io/00", {st_mode=S_IFDIR|0700, st_size=15, ...}) = 0
openat(AT_FDCWD, "/var/log/sudo-io/00", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 4
... (continued)

Comment 3 Todd C. Miller 2012-09-17 11:21:45 MDT

Starting in sudo 1.8.5, sudoreplay will read all the potential I/O log directories and sort them in -l mode.  That's why you see the two getdents calls.  Based on the second trace it looks like nothing is being added to the sessions list.

Can you check whether /usr/include/bits/dirent.h defines _DIRENT_HAVE_D_TYPE?  You might also try commenting out the:

#define HAVE_STRUCT_DIRENT_D_TYPE 1

in config.h and see if the resulting sudoreplay has the same problem.

Comment 4 Todd C. Miller 2012-09-17 13:22:08 MDT

Created attachment 356 [details]
Diff to check for DT_UNKNOWN in d_type

I believe the attached patch will fix the problem.

Comment 5 Juergen Sprenger 2012-09-18 02:12:44 MDT

Patch applied, problem is fixed.

Thank You very much for quick response and solution.

Comment 6 Todd C. Miller 2012-09-18 14:47:54 MDT

Sudo 1.8.6p3 is available now and includes the patch.