Add "json_pretty" log format, currently the same as "json".

In a future version, "json" will be an alias for "json_compact" instead. GitHub issue #357.
sudo-project · Mar 9, 2024 · 46e31a7 · 46e31a7
1 parent 1debad3
commit 46e31a7
Show file tree

Hide file tree

Showing 14 changed files with 127 additions and 84 deletions.
diff --git a/docs/sudo_logsrvd.conf.man.in b/docs/sudo_logsrvd.conf.man.in
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "March 8, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "March 9, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -688,30 +688,40 @@ Supported log formats are:
 .PD 0
 .TP 6n
 json
-Log events in JSON format.
-The JSON log entries contain the full contents of the accept, reject, exit
+Currently, this is an alias for
+\fIjson_pretty\fR.
+In a future version of
+\fBsudo_logsrvd\fR,
+\fIjson\fR
+will be equivalent to
+\fIjson_compact\fR.
+JSON log entries contain the full contents of the accept, reject, exit
 and alert messages.
-When logging to a file, the entire file is treated as a single JSON
-object consisting of multiple events, each event spanning multiple lines.
-When logging via
-\fIsyslog\fR,
-events are stored in compact (minified) format, described below.
 .PD
 .TP 6n
 json_compact
-Log events in compact (minified) JSON format.
+Log events in
+\(lqcompact\(rq
+(minified) JSON format.
 Each event is written as a separate JSON object on single line without
 extraneous white space.
+Due to limitations of the protocol, JSON events sent via
+\fIsyslog\fR
+may be truncated.
+.TP 6n
+json_pretty
+Log events in
+\(lqpretty\(rq
+JSON format.
+When logging to a file, the entire file is treated as a single JSON
+object consisting of multiple events, each event spanning multiple lines.
 When logging via
 \fIsyslog\fR,
 there is no difference between the
-\fIjson\fR
+\fIjson_pretty\fR
 and
 \fIjson_compact\fR
 formats.
-Due to limitations of the protocol, JSON events sent via
-\fIsyslog\fR
-may be truncated.
 .TP 6n
 sudo
 Log events in traditional sudo-style log format.

diff --git a/docs/sudo_logsrvd.conf.mdoc.in b/docs/sudo_logsrvd.conf.mdoc.in
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd March 8, 2024
+.Dd March 9, 2024
 .Dt SUDO_LOGSRVD.CONF @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -614,28 +614,37 @@ The event log format.
 Supported log formats are:
 .Bl -tag -width 4n
 .It json
-Log events in JSON format.
-The JSON log entries contain the full contents of the accept, reject, exit
+Currently, this is an alias for
+.Em json_pretty .
+In a future version of
+.Nm sudo_logsrvd ,
+.Em json
+will be equivalent to
+.Em json_compact .
+JSON log entries contain the full contents of the accept, reject, exit
 and alert messages.
-When logging to a file, the entire file is treated as a single JSON
-object consisting of multiple events, each event spanning multiple lines.
-When logging via
-.Em syslog ,
-events are stored in compact (minified) format, described below.
 .It json_compact
-Log events in compact (minified) JSON format.
+Log events in
+.Dq compact
+(minified) JSON format.
 Each event is written as a separate JSON object on single line without
 extraneous white space.
+Due to limitations of the protocol, JSON events sent via
+.Em syslog
+may be truncated.
+.It json_pretty
+Log events in
+.Dq pretty
+JSON format.
+When logging to a file, the entire file is treated as a single JSON
+object consisting of multiple events, each event spanning multiple lines.
 When logging via
 .Em syslog ,
 there is no difference between the
-.Em json
+.Em json_pretty
 and
 .Em json_compact
 formats.
-Due to limitations of the protocol, JSON events sent via
-.Em syslog
-may be truncated.
 .It sudo
 Log events in traditional sudo-style log format.
 See the

diff --git a/docs/sudoers.man.in b/docs/sudoers.man.in
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "March 8, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "March 9, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -5381,30 +5381,40 @@ Supported log formats are:
 .PD 0
 .TP 6n
 json
-Log events in JSON format.
+Currently, this is an alias for
+\fIjson_pretty\fR.
+In a future version of
+\fBsudo\fR,
+\fIjson\fR
+will be equivalent to
+\fIjson_compact\fR.
 JSON log entries contain the full user details as well as the execution
 environment if the command was allowed.
-When logging to a file, the entire file is treated as a single JSON
-object consisting of multiple events, each event spanning multiple lines.
-When logging via
-\fIsyslog\fR,
-events are stored in compact (minified) format, described below.
 .PD
 .TP 6n
 json_compact
-Log events in compact (minified) JSON format.
+Log events in
+\(lqcompact\(rq
+(minified) JSON format.
 Each event is written as a separate JSON object on single line without
 extraneous white space.
+Due to limitations of the protocol, JSON events sent via
+\fIsyslog\fR
+may be truncated.
+.TP 6n
+json_pretty
+Log events in
+\(lqpretty\(rq
+JSON format.
+When logging to a file, the entire file is treated as a single JSON
+object consisting of multiple events, each event spanning multiple lines.
 When logging via
 \fIsyslog\fR,
 there is no difference between the
-\fIjson\fR
+\fIjson_pretty\fR
 and
 \fIjson_compact\fR
 formats.
-Due to limitations of the protocol, JSON events sent via
-\fIsyslog\fR
-may be truncated.
 .TP 6n
 sudo
 Log events in traditional sudo-style format, see

diff --git a/docs/sudoers.mdoc.in b/docs/sudoers.mdoc.in
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd March 8, 2024
+.Dd March 9, 2024
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -5054,28 +5054,37 @@ The event log format.
 Supported log formats are:
 .Bl -tag -width 4n
 .It json
-Log events in JSON format.
+Currently, this is an alias for
+.Em json_pretty .
+In a future version of
+.Nm sudo ,
+.Em json
+will be equivalent to
+.Em json_compact .
 JSON log entries contain the full user details as well as the execution
 environment if the command was allowed.
-When logging to a file, the entire file is treated as a single JSON
-object consisting of multiple events, each event spanning multiple lines.
-When logging via
-.Em syslog ,
-events are stored in compact (minified) format, described below.
 .It json_compact
-Log events in compact (minified) JSON format.
+Log events in
+.Dq compact
+(minified) JSON format.
 Each event is written as a separate JSON object on single line without
 extraneous white space.
+Due to limitations of the protocol, JSON events sent via
+.Em syslog
+may be truncated.
+.It json_pretty
+Log events in
+.Dq pretty
+JSON format.
+When logging to a file, the entire file is treated as a single JSON
+object consisting of multiple events, each event spanning multiple lines.
 When logging via
 .Em syslog ,
 there is no difference between the
-.Em json
+.Em json_pretty
 and
 .Em json_compact
 formats.
-Due to limitations of the protocol, JSON events sent via
-.Em syslog
-may be truncated.
 .It sudo
 Log events in traditional sudo-style format, see
 .Sx "EVENT LOGGING"

diff --git a/include/sudo_eventlog.h b/include/sudo_eventlog.h
@@ -44,7 +44,8 @@ enum event_type {
 enum eventlog_format {
     EVLOG_SUDO,
     EVLOG_JSON,
-    EVLOG_JSON_COMPACT
+    EVLOG_JSON_COMPACT,
+    EVLOG_JSON_PRETTY
 };
 
 /* Eventlog flag values. */

diff --git a/lib/eventlog/eventlog.c b/lib/eventlog/eventlog.c
@@ -1132,6 +1132,7 @@ do_syslog(int event_type, int flags, struct eventlog_args *args,
 	break;
     case EVLOG_JSON:
     case EVLOG_JSON_COMPACT:
+    case EVLOG_JSON_PRETTY:
 	ret = do_syslog_json(pri, event_type, args, evlog);
 	break;
     default:
@@ -1304,6 +1305,7 @@ do_logfile(int event_type, int flags, struct eventlog_args *args,
 	break;
     case EVLOG_JSON:
     case EVLOG_JSON_COMPACT:
+    case EVLOG_JSON_PRETTY:
 	ret = do_logfile_json(evl_conf->format, event_type, args, evlog);
 	break;
     default:

diff --git a/logsrvd/logsrvd_conf.c b/logsrvd/logsrvd_conf.c
@@ -905,6 +905,8 @@ cb_eventlog_format(struct logsrvd_config *config, const char *str, size_t offset
 	config->eventlog.log_format = EVLOG_JSON;
     else if (strcmp(str, "json_compact") == 0)
 	config->eventlog.log_format = EVLOG_JSON_COMPACT;
+    else if (strcmp(str, "json_pretty") == 0)
+	config->eventlog.log_format = EVLOG_JSON_PRETTY;
     else if (strcmp(str, "sudo") == 0)
 	config->eventlog.log_format = EVLOG_SUDO;
     else

diff --git a/plugins/sudoers/def_data.c b/plugins/sudoers/def_data.c
@@ -42,6 +42,7 @@ static struct def_values def_data_log_format[] = {
     { "sudo", sudo },
     { "json", json },
     { "json_compact", json_compact },
+    { "json_pretty", json_pretty },
     { NULL, 0 },
 };
 

diff --git a/plugins/sudoers/def_data.h b/plugins/sudoers/def_data.h
@@ -339,6 +339,7 @@ enum def_tuple {
     sudo,
     json,
     json_compact,
+    json_pretty,
     dso,
     trace
 };
diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in
@@ -426,7 +426,7 @@ runchroot
 log_format
 	T_TUPLE
 	"The format of logs to produce: %s"
-	sudo json json_compact
+	sudo json json_compact json_pretty
 selinux
 	T_FLAG
 	"Enable SELinux RBAC support"

diff --git a/plugins/sudoers/logging.c b/plugins/sudoers/logging.c
@@ -1132,29 +1132,16 @@ sudoers_log_close(int type, FILE *fp)
 void
 init_eventlog_config(void)
 {
-    enum eventlog_format format;
     int logtype = 0;
     debug_decl(init_eventlog_config, SUDOERS_DEBUG_LOGGING);
 
-    switch (def_log_format) {
-    case json:
-	format = EVLOG_JSON;
-	break;
-    case json_compact:
-	format = EVLOG_JSON_COMPACT;
-	break;
-    default:
-	format = EVLOG_SUDO;
-	break;
-    }
-
     if (def_syslog)
 	logtype |= EVLOG_SYSLOG;
     if (def_logfile)
 	logtype |= EVLOG_FILE;
 
+    sudoers_set_log_format(def_log_format);
     eventlog_set_type(logtype);
-    eventlog_set_format(format);
     eventlog_set_syslog_acceptpri(def_syslog_goodpri);
     eventlog_set_syslog_rejectpri(def_syslog_badpri);
     eventlog_set_syslog_alertpri(def_syslog_badpri);

diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
@@ -1554,3 +1554,30 @@ sudoers_get_context(void)
 {
     return &sudoers_ctx;
 }
+
+bool
+sudoers_set_log_format(enum def_tuple tuple)
+{
+    enum eventlog_format format;
+    debug_decl(cb_log_format, SUDOERS_DEBUG_PLUGIN);
+
+    switch (tuple) {
+    case json:
+        format = EVLOG_JSON;
+        break;
+    case json_compact:
+        format = EVLOG_JSON_COMPACT;
+        break;
+    case json_pretty:
+        format = EVLOG_JSON_PRETTY;
+        break;
+    case sudo:
+        format = EVLOG_SUDO;
+        break;
+    default:
+	debug_return_bool(false);
+    }
+    eventlog_set_format(format);
+
+    debug_return_bool(true);
+}
diff --git a/plugins/sudoers/sudoers.h b/plugins/sudoers/sudoers.h
@@ -459,6 +459,7 @@ void sudoers_cleanup(void);
 bool sudoers_override_umask(void);
 const struct sudoers_context *sudoers_get_context(void);
 bool sudoers_set_mode(unsigned int flags, unsigned int mask);
+bool sudoers_set_log_format(enum def_tuple tuple);
 
 /* sudoers_ctx_free.c */
 void sudoers_ctx_free(struct sudoers_context *ctx);

diff --git a/plugins/sudoers/sudoers_cb.c b/plugins/sudoers/sudoers_cb.c
@@ -228,24 +228,7 @@ static bool
 cb_log_format(struct sudoers_context *ctx, const char *file,
     int line, int column, const union sudo_defs_val *sd_un, int op)
 {
-    enum eventlog_format format;
-    debug_decl(cb_log_format, SUDOERS_DEBUG_PLUGIN);
-
-    switch (sd_un->tuple) {
-    case json:
-	format = EVLOG_JSON;
-	break;
-    case json_compact:
-	format = EVLOG_JSON_COMPACT;
-	break;
-    default:
-	format = EVLOG_SUDO;
-	break;
-    }
-
-    eventlog_set_format(format);
-
-    debug_return_bool(true);
+    return sudoers_set_log_format(sd_un->tuple);
 }
 
 static bool