Use a relative, not absolute, path in the log ID.

This introduces the concept of the iolog base dir, which is the
iolog dir but with no escapes.  For example, if the iolog dir is
/var/log/sudo-io/%{host}, the base dir is /var/log/sudo-io and the
log ID will contain the expanded host as part of the expanded
iolog file name.

Author: millert

logsrvd/logsrvd.h

@@ -209,6 +209,7 @@ struct connection_closure *connection_closure_alloc(int fd, bool tls, bool relay
 
 /* logsrvd_conf.c */
 bool logsrvd_conf_read(const char *path);
+const char *logsrvd_conf_iolog_base(void);
 const char *logsrvd_conf_iolog_dir(void);
 const char *logsrvd_conf_iolog_file(void);
 bool logsrvd_conf_iolog_log_passwords(void);

logsrvd/logsrvd_conf.c

@@ -153,6 +153,7 @@ static struct logsrvd_config {
 	gid_t gid;
 	mode_t mode;
 	unsigned int maxseq;
+	char *iolog_base;
 	char *iolog_dir;
 	char *iolog_file;
 	void *passprompt_regex;
@@ -205,6 +206,12 @@ logsrvd_conf_iolog_mode(void)
     return logsrvd_config->iolog.mode;
 }
 
+const char *
+logsrvd_conf_iolog_base(void)
+{
+    return logsrvd_config->iolog.iolog_base;
+}
+
 const char *
 logsrvd_conf_iolog_dir(void)
 {
@@ -345,14 +352,36 @@ logsrvd_conf_relay_tls_check_peer(void)
 static bool
 cb_iolog_dir(struct logsrvd_config *config, const char *path, size_t offset)
 {
+    size_t base_len = 0;
     debug_decl(cb_iolog_dir, SUDO_DEBUG_UTIL);
 
     free(config->iolog.iolog_dir);
-    if ((config->iolog.iolog_dir = strdup(path)) == NULL) {
-	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
-	debug_return_bool(false);
+    if ((config->iolog.iolog_dir = strdup(path)) == NULL)
+	goto oom;
+
+    /*
+     * iolog_base is the portion of iolog_dir that contains no escapes.
+     * This is used to create a relative path for the log id.
+     */
+    for (;;) {
+	base_len += strcspn(path + base_len, "%");
+	if (path[base_len] == '\0')
+	    break;
+	if (path[base_len + 1] == '{') {
+	    /* We want the base to end on a directory boundary. */
+	    while (base_len > 0 && path[base_len] != '/')
+		base_len--;
+	    break;
+	}
+	base_len++;
     }
+    if ((config->iolog.iolog_base = strndup(path, base_len)) == NULL)
+	goto oom;
+
     debug_return_bool(true);
+oom:
+    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
+    debug_return_bool(false);
 }
 
 static bool

logsrvd/logsrvd_local.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2019-2022 Todd C. Miller <[email protected]>
+ * Copyright (c) 2019-2025 Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -224,9 +224,13 @@ store_accept_local(const AcceptMessage *msg, const uint8_t *buf, size_t len,
     }
 
     if (new_session && closure->log_io) {
-	/* Send log ID to client for restarting connections. */
-	if (!fmt_log_id_message(closure->uuid, closure->evlog->iolog_path,
-		closure))
+	/*
+	 * Send log ID to client for restarting connections.
+	 * Note that iolog_base has no trailing '/'.
+	 */
+	const char *relative_path = closure->evlog->iolog_path +
+	    strlen(logsrvd_conf_iolog_base()) + 1;
+	if (!fmt_log_id_message(closure->uuid, relative_path, closure))
 	    goto done;
 	if (sudo_ev_add(closure->evbase, closure->write_ev,
 		logsrvd_conf_server_timeout(), false) == -1) {
@@ -456,7 +460,7 @@ static char *
 decode_log_id(const char *b64_log_id, unsigned char uuid[restrict static 16])
 {
     unsigned char log_id_buf[PATH_MAX + 16];
-    char *path;
+    char *path, *ret;
     size_t len;
     debug_decl(decode_log_id, SUDO_DEBUG_UTIL);
 
@@ -480,11 +484,12 @@ decode_log_id(const char *b64_log_id, unsigned char uuid[restrict static 16])
 	debug_return_str(NULL);
     }
 
-    /* The caller is responsible for freeing path */
-    path = strdup(path);
-    if (path == NULL)
+    /* The log_id path is relative to iolog_base. */
+    if (asprintf(&ret, "%s/%s", logsrvd_conf_iolog_base(), path) == -1) {
+	ret = NULL;
 	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
-    debug_return_str(path);
+    }
+    debug_return_str(ret);
 }
 
 /*