isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use sudo_warnx?() instead of sudo_debug_printf for errors.

Browse Source 
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
This commit is contained in:
Todd C. Miller
2021-06-15 13:58:12 -06:00
parent cc3b4ffb04
commit 5a3bbba12b
10 changed files with 330 additions and 482 deletions
Download Patch File Download Diff File Expand all files Collapse all files

262
logsrvd/iolog_writer.c
View File

@@ -43,6 +43,7 @@
#include "sudo_eventlog.h"
#include "sudo_gettext.h"
#include "sudo_iolog.h"
#include "sudo_fatal.h"
#include "sudo_queue.h"
#include "sudo_util.h"
@@ -81,14 +82,12 @@ strlist_copy(InfoMessage__StringList *strlist)
dst = reallocarray(NULL, len + 1, sizeof(char *));
if (dst == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"reallocarray(NULL, %zu, %zu)", len + 1, sizeof(char *));
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
}
for (i = 0; i < len; i++) {
if ((dst[i] = strdup(src[i])) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO, "strdup");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
}
}
@@ -113,14 +112,15 @@ struct eventlog *
evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
struct connection_closure *closure)
{
const char *source = closure->journal_path ? closure->journal_path :
closure->ipaddr;
struct eventlog *evlog;
size_t idx;
debug_decl(evlog_new, SUDO_DEBUG_UTIL);
evlog = calloc(1, sizeof(*evlog));
if (evlog == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"calloc(1, %zu)", sizeof(*evlog));
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
}
@@ -147,11 +147,11 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
case 'c':
if (strcmp(key, "columns") == 0) {
if (!has_numval(info)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"columns specified but not a number");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "columns");
} else if (info->u.numval <= 0 || info->u.numval > INT_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"columns (%" PRId64 ") out of range", info->u.numval);
errno = ERANGE;
sudo_warn(U_("%s: %s"), source, "columns");
} else {
evlog->columns = info->u.numval;
}
@@ -160,14 +160,13 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
if (strcmp(key, "command") == 0) {
if (has_strval(info)) {
if ((evlog->command = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"command specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "command");
}
continue;
}
@@ -175,11 +174,11 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
case 'l':
if (strcmp(key, "lines") == 0) {
if (!has_numval(info)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"lines specified but not a number");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "lines");
} else if (info->u.numval <= 0 || info->u.numval > INT_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"lines (%" PRId64 ") out of range", info->u.numval);
errno = ERANGE;
sudo_warn(U_("%s: %s"), source, "lines");
} else {
evlog->lines = info->u.numval;
}
@@ -193,36 +192,34 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
if (evlog->argv == NULL)
goto bad;
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"runargv specified but not a string list");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "runargv");
}
continue;
}
if (strcmp(key, "runchroot") == 0) {
if (has_strval(info)) {
if ((evlog->runchroot = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"runchroot specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "runchroot");
}
continue;
}
if (strcmp(key, "runcwd") == 0) {
if (has_strval(info)) {
if ((evlog->runcwd = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"runcwd specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "runcwd");
}
continue;
}
@@ -232,18 +229,18 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
if (evlog->envp == NULL)
goto bad;
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"runenv specified but not a string list");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "runenv");
}
continue;
}
if (strcmp(key, "rungid") == 0) {
if (!has_numval(info)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"rungid specified but not a number");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "rungid");
} else if (info->u.numval < 0 || info->u.numval > INT_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"rungid (%" PRId64 ") out of range", info->u.numval);
errno = ERANGE;
sudo_warn(U_("%s: %s"), source, "rungid");
} else {
evlog->rungid = info->u.numval;
}
@@ -252,24 +249,23 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
if (strcmp(key, "rungroup") == 0) {
if (has_strval(info)) {
if ((evlog->rungroup = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"rungroup specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "rungroup");
}
continue;
}
if (strcmp(key, "runuid") == 0) {
if (!has_numval(info)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"runuid specified but not a number");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "runuid");
} else if (info->u.numval < 0 || info->u.numval > INT_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"runuid (%" PRId64 ") out of range", info->u.numval);
errno = ERANGE;
sudo_warn(U_("%s: %s"), source, "runuid");
} else {
evlog->runuid = info->u.numval;
}
@@ -278,14 +274,13 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
if (strcmp(key, "runuser") == 0) {
if (has_strval(info)) {
if ((evlog->runuser = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"runuser specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "runuser");
}
continue;
}
@@ -294,56 +289,52 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
if (strcmp(key, "submitcwd") == 0) {
if (has_strval(info)) {
if ((evlog->cwd = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"submitcwd specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "submitcwd");
}
continue;
}
if (strcmp(key, "submitgroup") == 0) {
if (has_strval(info)) {
if ((evlog->submitgroup = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"submitgroup specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "submitgroup");
}
continue;
}
if (strcmp(key, "submithost") == 0) {
if (has_strval(info)) {
if ((evlog->submithost = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"submithost specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "submithost");
}
continue;
}
if (strcmp(key, "submituser") == 0) {
if (has_strval(info)) {
if ((evlog->submituser = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"submituser specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "submituser");
}
continue;
}
@@ -352,14 +343,13 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
if (strcmp(key, "ttyname") == 0) {
if (has_strval(info)) {
if ((evlog->ttyname = strdup(info->u.strval)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
goto bad;
}
} else {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"ttyname specified but not a string");
sudo_warnx(U_("%s: protocol error: wrong type for %s"),
source, "ttyname");
}
continue;
}
@@ -369,57 +359,49 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
/* Check for required settings */
if (evlog->submituser == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing submituser in AcceptMessage");
sudo_warnx(U_("%s: protocol error: %s missing from AcceptMessage"),
source, "submituser");
goto bad;
}
if (evlog->submithost == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing submithost in AcceptMessage");
sudo_warnx(U_("%s: protocol error: %s missing from AcceptMessage"),
source, "submithost");
goto bad;
}
if (evlog->runuser == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing runuser in AcceptMessage");
sudo_warnx(U_("%s: protocol error: %s missing from AcceptMessage"),
source, "runuser");
goto bad;
}
if (evlog->command == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing command in AcceptMessage");
sudo_warnx(U_("%s: protocol error: %s missing from AcceptMessage"),
source, "command");
goto bad;
}
/* Other settings that must exist for event logging. */
if (evlog->cwd == NULL) {
if ((evlog->cwd = strdup("unknown")) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
}
}
if (evlog->runcwd == NULL) {
if ((evlog->runcwd = strdup(evlog->cwd)) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
}
}
if (evlog->submitgroup == NULL) {
/* TODO: make submitgroup required */
if ((evlog->submitgroup = strdup("unknown")) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
}
}
if (evlog->ttyname == NULL) {
if ((evlog->ttyname = strdup("unknown")) == NULL) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
}
}
@@ -453,8 +435,7 @@ fill_seq(char *str, size_t strsize, void *v)
len = snprintf(str, strsize, "%c%c/%c%c/%c%c", sessid[0],
sessid[1], sessid[2], sessid[3], sessid[4], sessid[5]);
if (len < 0 || len >= (ssize_t)strsize) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to format session id");
sudo_warnx(U_("%s: unable to format session id"), __func__);
debug_return_size_t(strsize); /* handle non-standard snprintf() */
}
debug_return_size_t(len);
@@ -468,8 +449,7 @@ fill_user(char *str, size_t strsize, void *v)
debug_decl(fill_user, SUDO_DEBUG_UTIL);
if (evlog->submituser == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"submituser not set");
sudo_warnx(U_("%s: %s is not set"), __func__, "submituser");
debug_return_size_t(strsize);
}
debug_return_size_t(strlcpy(str, evlog->submituser, strsize));
@@ -483,8 +463,7 @@ fill_group(char *str, size_t strsize, void *v)
debug_decl(fill_group, SUDO_DEBUG_UTIL);
if (evlog->submitgroup == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"submitgroup not set");
sudo_warnx(U_("%s: %s is not set"), __func__, "submitgroup");
debug_return_size_t(strsize);
}
debug_return_size_t(strlcpy(str, evlog->submitgroup, strsize));
@@ -498,8 +477,7 @@ fill_runas_user(char *str, size_t strsize, void *v)
debug_decl(fill_runas_user, SUDO_DEBUG_UTIL);
if (evlog->runuser == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"runuser not set");
sudo_warnx(U_("%s: %s is not set"), __func__, "runuser");
debug_return_size_t(strsize);
}
debug_return_size_t(strlcpy(str, evlog->runuser, strsize));
@@ -514,8 +492,7 @@ fill_runas_group(char *str, size_t strsize, void *v)
/* FIXME: rungroup not guaranteed to be set */
if (evlog->rungroup == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"rungroup not set");
sudo_warnx(U_("%s: %s is not set"), __func__, "rungroup");
debug_return_size_t(strsize);
}
debug_return_size_t(strlcpy(str, evlog->rungroup, strsize));
@@ -529,8 +506,7 @@ fill_hostname(char *str, size_t strsize, void *v)
debug_decl(fill_hostname, SUDO_DEBUG_UTIL);
if (evlog->submithost == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"submithost not set");
sudo_warnx(U_("%s: %s is not set"), __func__, "submithost");
debug_return_size_t(strsize);
}
debug_return_size_t(strlcpy(str, evlog->submithost, strsize));
@@ -544,8 +520,7 @@ fill_command(char *str, size_t strsize, void *v)
debug_decl(fill_command, SUDO_DEBUG_UTIL);
if (evlog->command == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"command not set");
sudo_warnx(U_("%s: %s is not set"), __func__, "command");
debug_return_size_t(strsize);
}
debug_return_size_t(strlcpy(str, evlog->command, strsize));
@@ -581,15 +556,15 @@ create_iolog_path(struct connection_closure *closure)
if (!expand_iolog_path(logsrvd_conf_iolog_dir(), expanded_dir,
sizeof(expanded_dir), &path_escapes[1], &path_closure)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to expand iolog dir %s", logsrvd_conf_iolog_dir());
sudo_warnx(U_("unable to expand iolog path %s"),
logsrvd_conf_iolog_dir());
goto bad;
}
if (!expand_iolog_path(logsrvd_conf_iolog_file(), expanded_file,
sizeof(expanded_file), &path_escapes[0], &path_closure)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to expand iolog dir %s", logsrvd_conf_iolog_file());
sudo_warnx(U_("unable to expand iolog path %s"),
logsrvd_conf_iolog_file());
goto bad;
}
@@ -597,8 +572,7 @@ create_iolog_path(struct connection_closure *closure)
expanded_file);
if (len >= sizeof(pathbuf)) {
errno = ENAMETOOLONG;
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"%s/%s", expanded_dir, expanded_file);
sudo_warn("%s/%s", expanded_dir, expanded_file);
goto bad;
}
@@ -607,13 +581,11 @@ create_iolog_path(struct connection_closure *closure)
* Calls mkdtemp() if pathbuf ends in XXXXXX.
*/
if (!iolog_mkpath(pathbuf)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to mkdir iolog path %s", pathbuf);
sudo_warnx(U_("unable to create iolog path %s"), pathbuf);
goto bad;
}
if ((evlog->iolog_path = strdup(pathbuf)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
goto bad;
}
evlog->iolog_file = evlog->iolog_path + strlen(expanded_dir) + 1;
@@ -622,8 +594,7 @@ create_iolog_path(struct connection_closure *closure)
closure->iolog_dir_fd =
iolog_openat(AT_FDCWD, evlog->iolog_path, O_RDONLY);
if (closure->iolog_dir_fd == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"%s", evlog->iolog_path);
sudo_warn("%s", evlog->iolog_path);
goto bad;
}
@@ -640,8 +611,7 @@ iolog_create(int iofd, struct connection_closure *closure)
debug_decl(iolog_create, SUDO_DEBUG_UTIL);
if (iofd < 0 || iofd >= IOFD_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid iofd %d", iofd);
sudo_warnx(U_("invalid iofd %d"), iofd);
debug_return_bool(false);
}
@@ -661,8 +631,7 @@ iolog_close_all(struct connection_closure *closure)
if (!closure->iolog_files[i].enabled)
continue;
if (!iolog_close(&closure->iolog_files[i], &errstr)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"error closing iofd %d: %s", i, errstr);
sudo_warnx(U_("error closing iofd %d: %s"), i, errstr);
}
}
if (closure->iolog_dir_fd != -1)
@@ -778,8 +747,8 @@ iolog_rewrite(const struct timespec *target, struct connection_closure *closure)
if (timing.event < IOFD_TIMING) {
if (!closure->iolog_files[timing.event].enabled) {
/* Missing log file. */
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"iofd %d referenced but not open", timing.event);
sudo_warnx(U_("invalid I/O log %s: %s referenced but not present"),
evlog->iolog_path, iolog_fd_to_name(timing.event));
goto done;
}
iolog_file_sizes[timing.event] += timing.u.nbytes;
@@ -790,11 +759,8 @@ iolog_rewrite(const struct timespec *target, struct connection_closure *closure)
break;
/* Mismatch between resume point and stored log. */
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"resume point mismatch, target [%lld, %ld], have [%lld, %ld]",
(long long)target->tv_sec, target->tv_nsec,
(long long)closure->elapsed_time.tv_sec,
closure->elapsed_time.tv_nsec);
sudo_warnx(U_("%s: unable to find resume point [%lld, %ld]"),
evlog->iolog_path, (long long)target->tv_sec, target->tv_nsec);
goto done;
}
}
@@ -806,18 +772,16 @@ iolog_rewrite(const struct timespec *target, struct connection_closure *closure)
len = snprintf(tmpdir, sizeof(tmpdir), "%s/restart.XXXXXX",
evlog->iolog_path);
if (len < 0 || len >= ssizeof(tmpdir)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to format %s/restart.XXXXXX", evlog->iolog_path);
errno = ENAMETOOLONG;
sudo_warn("%s/restart.XXXXXX", evlog->iolog_path);
goto done;
}
if (!iolog_mkdtemp(tmpdir)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to mkdtemp %s", tmpdir);
sudo_warn(U_("unable to mkdir %s"), tmpdir);
goto done;
}
if ((tmpdir_fd = iolog_openat(AT_FDCWD, tmpdir, O_RDONLY)) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to open %s", tmpdir);
sudo_warn(U_("unable to open %s"), tmpdir);
goto done;
}
@@ -829,9 +793,8 @@ iolog_rewrite(const struct timespec *target, struct connection_closure *closure)
new_iolog_files[iofd].enabled = true;
if (!iolog_open(&new_iolog_files[iofd], tmpdir_fd, iofd, "w")) {
if (errno != ENOENT) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to open %s/%s", tmpdir, iolog_fd_to_name(iofd));
sudo_warn(U_("unable to open %s/%s"),
tmpdir, iolog_fd_to_name(iofd));
goto done;
}
}
@@ -843,8 +806,7 @@ iolog_rewrite(const struct timespec *target, struct connection_closure *closure)
if (!iolog_copy(&closure->iolog_files[iofd], &new_iolog_files[iofd],
iolog_file_sizes[iofd], &errstr)) {
name = iolog_fd_to_name(iofd);
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to copy %s/%s to %s/%s: %s",
sudo_warnx(U_("unable to copy %s/%s to %s/%s: %s"),
evlog->iolog_path, name, tmpdir, name, errstr);
goto done;
}
@@ -861,21 +823,19 @@ iolog_rewrite(const struct timespec *target, struct connection_closure *closure)
name = iolog_fd_to_name(iofd);
len = snprintf(from, sizeof(from), "%s/%s", tmpdir, name);
if (len < 0 || len >= ssizeof(from)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to format %s/%s", tmpdir, name);
errno = ENAMETOOLONG;
sudo_warn("%s/%s", tmpdir, name);
goto done;
}
len = snprintf(to, sizeof(to), "%s/%s", evlog->iolog_path,
name);
if (len < 0 || len >= ssizeof(from)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to format %s/%s", evlog->iolog_path, name);
errno = ENAMETOOLONG;
sudo_warn("%s/%s", evlog->iolog_path, name);
goto done;
}
if (!iolog_rename(from, to)) {
sudo_debug_printf(
SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to rename %s to %s", from, to);
sudo_warn(U_("unable to rename %s to %s"), from, to);
goto done;
}
}

9
logsrvd/logsrv_util.c
View File

@@ -59,8 +59,7 @@ expand_buf(struct connection_buffer *buf, unsigned int needed)
/* Expand buffer. */
needed = sudo_pow2_roundup(needed);
if ((newdata = malloc(needed)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
"%s: unable to malloc %u", __func__, needed);
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_bool(false);
}
if (buf->off > 0)
@@ -147,9 +146,9 @@ iolog_seekto(int iolog_dir_fd, const char *iolog_path,
break;
/* Mismatch between resume point and stored log. */
sudo_warnx(U_("unable to find resume point [%lld, %ld] in %s/%s"),
(long long)target->tv_sec, target->tv_nsec, iolog_path,
"timing");
sudo_warnx(U_("%s/%s: unable to find resume point [%lld, %ld]"),
iolog_path, "timing", (long long)target->tv_sec,
target->tv_nsec);
goto bad;
}
}

200
logsrvd/logsrvd.c
View File

@@ -267,8 +267,7 @@ connection_close(struct connection_closure *closure)
/* Connect to the first relay available asynchronously. */
if (!connect_relay(new_closure)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to connect to relay");
sudo_warnx(U_("unable to connect to relay"));
connection_closure_free(new_closure);
}
}
@@ -294,17 +293,20 @@ get_free_buf(size_t len, struct connection_closure *closure)
debug_decl(get_free_buf, SUDO_DEBUG_UTIL);
buf = TAILQ_FIRST(&closure->free_bufs);
if (buf != NULL)
if (buf != NULL) {
TAILQ_REMOVE(&closure->free_bufs, buf, entries);
else
buf = calloc(1, sizeof(*buf));
} else {
if ((buf = calloc(1, sizeof(*buf))) == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_ptr(NULL);
}
}
if (buf != NULL && len > buf->size) {
if (len > buf->size) {
free(buf->data);
buf->size = sudo_pow2_roundup(len);
if ((buf->data = malloc(buf->size)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to malloc %u", buf->size);
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
free(buf);
buf = NULL;
}
@@ -324,8 +326,7 @@ fmt_server_message(struct connection_closure *closure, ServerMessage *msg)
len = server_message__get_packed_size(msg);
if (len > MESSAGE_SIZE_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"server message too large: %zu", len);
sudo_warnx(U_("server message too large: %zu"), len);
goto done;
}
@@ -393,7 +394,7 @@ fmt_error_message(const char *errstr, struct connection_closure *closure)
/*
* Format a ServerMessage with the error string and add it to the write queue.
* Also sets the state to ERROR.
* Also sets the error flag state to true.
* Returns true if successfully scheduled, else false.
*/
bool
@@ -416,8 +417,7 @@ schedule_error_message(const char *errstr, struct connection_closure *closure)
goto done;
if (sudo_ev_add(closure->evbase, closure->write_ev,
logsrvd_conf_server_timeout(), true) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
goto done;
}
ret = true;
@@ -440,17 +440,14 @@ handle_accept(AcceptMessage *msg, uint8_t *buf, size_t len,
debug_decl(handle_accept, SUDO_DEBUG_UTIL);
if (closure->state != INITIAL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d for %s", closure->state, source);
sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
/* Check that message is valid. */
if (msg->submit_time == NULL || msg->n_info_msgs == 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid AcceptMessage from %s, submit_time: %p, n_info_msgs: %zu",
source, msg->submit_time, msg->n_info_msgs);
sudo_warnx(U_("%s: %s"), source, U_("invalid AcceptMessage"));
closure->errstr = _("invalid AcceptMessage");
debug_return_bool(false);
}
@@ -479,17 +476,14 @@ handle_reject(RejectMessage *msg, uint8_t *buf, size_t len,
debug_decl(handle_reject, SUDO_DEBUG_UTIL);
if (closure->state != INITIAL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d for %s", closure->state, source);
sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
/* Check that message is valid. */
if (msg->submit_time == NULL || msg->n_info_msgs == 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid RejectMessage from %s, submit_time: %p, n_info_msgs: %zu",
source, msg->submit_time, msg->n_info_msgs);
sudo_warnx(U_("%s: %s"), source, U_("invalid RejectMessage"));
closure->errstr = _("invalid RejectMessage");
debug_return_bool(false);
}
@@ -513,8 +507,7 @@ handle_exit(ExitMessage *msg, uint8_t *buf, size_t len,
debug_decl(handle_exit, SUDO_DEBUG_UTIL);
if (closure->state != RUNNING) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d for %s", closure->state, source);
sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
@@ -538,8 +531,7 @@ handle_exit(ExitMessage *msg, uint8_t *buf, size_t len,
if (closure->relay_closure == NULL) {
struct timespec tv = { 0, 0 };
if (sudo_ev_add(closure->evbase, closure->commit_ev, &tv, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add commit point event");
sudo_warnx("%s", U_("unable to add event to queue"));
ret = false;
}
}
@@ -563,8 +555,7 @@ handle_restart(RestartMessage *msg, uint8_t *buf, size_t len,
debug_decl(handle_restart, SUDO_DEBUG_UTIL);
if (closure->state != INITIAL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d for %s", closure->state, source);
sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
@@ -599,9 +590,7 @@ handle_alert(AlertMessage *msg, uint8_t *buf, size_t len,
/* Check that message is valid. */
if (msg->alert_time == NULL || msg->reason == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid AlertMessage, alert_time: %p, reason: %p",
msg->alert_time, msg->reason);
sudo_warnx(U_("%s: %s"), source, U_("invalid AlertMessage"));
closure->errstr = _("invalid AlertMessage");
debug_return_bool(false);
}
@@ -621,8 +610,7 @@ enable_commit(struct connection_closure *closure)
if (!ISSET(closure->commit_ev->flags, SUDO_EVQ_INSERTED)) {
struct timespec tv = { ACK_FREQUENCY, 0 };
if (sudo_ev_add(closure->evbase, closure->commit_ev, &tv, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add commit point event");
sudo_warnx("%s", U_("unable to add event to queue"));
debug_return_bool(false);
}
}
@@ -639,14 +627,12 @@ handle_iobuf(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t len,
debug_decl(handle_iobuf, SUDO_DEBUG_UTIL);
if (closure->state != RUNNING) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d for %s", closure->state, source);
sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
if (!closure->log_io) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"not logging I/O for %s", source);
sudo_warnx(U_("%s: unexpected IoBuffer"), source);
closure->errstr = _("protocol error");
debug_return_bool(false);
}
@@ -671,14 +657,12 @@ handle_winsize(ChangeWindowSize *msg, uint8_t *buf, size_t len,
debug_decl(handle_winsize, SUDO_DEBUG_UTIL);
if (closure->state != RUNNING) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d for %s", closure->state, source);
sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
if (!closure->log_io) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"not logging I/O for %s", source);
sudo_warnx(U_("%s: unexpected IoBuffer"), source);
closure->errstr = _("protocol error");
debug_return_bool(false);
}
@@ -703,14 +687,12 @@ handle_suspend(CommandSuspend *msg, uint8_t *buf, size_t len,
debug_decl(handle_syspend, SUDO_DEBUG_UTIL);
if (closure->state != RUNNING) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d for %s", closure->state, source);
sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
if (!closure->log_io) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"not logging I/O for %s", source);
sudo_warnx(U_("%s: unexpected IoBuffer"), source);
closure->errstr = _("protocol error");
debug_return_bool(false);
}
@@ -730,11 +712,12 @@ static bool
handle_client_hello(ClientHello *msg, uint8_t *buf, size_t len,
struct connection_closure *closure)
{
const char *source = closure->journal_path ? closure->journal_path :
closure->ipaddr;
debug_decl(handle_client_hello, SUDO_DEBUG_UTIL);
if (closure->state != INITIAL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d", closure->state);
sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
@@ -751,6 +734,8 @@ static bool
handle_client_message(uint8_t *buf, size_t len,
struct connection_closure *closure)
{
const char *source = closure->journal_path ? closure->journal_path :
closure->ipaddr;
ClientMessage *msg;
bool ret = false;
debug_decl(handle_client_message, SUDO_DEBUG_UTIL);
@@ -758,8 +743,7 @@ handle_client_message(uint8_t *buf, size_t len,
/* TODO: can we extract type_case without unpacking for relay case? */
msg = client_message__unpack(NULL, len, buf);
if (msg == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to unpack ClientMessage size %zu", len);
sudo_warnx("unable to unpack %s size %zu", "ClientMessage", len);
debug_return_bool(false);
}
@@ -804,8 +788,8 @@ handle_client_message(uint8_t *buf, size_t len,
ret = handle_client_hello(msg->u.hello_msg, buf, len, closure);
break;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected type_case value %d", msg->type_case);
sudo_warnx(U_("unexpected type_case value %d in %s from %s"),
msg->type_case, "ClientMessage", source);
closure->errstr = _("unrecognized ClientMessage type");
break;
}
@@ -850,8 +834,7 @@ server_shutdown(struct sudo_event_base *base)
} else if (closure->log_io) {
/* Schedule final commit point for the connection. */
if (sudo_ev_add(base, closure->commit_ev, &tv, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add commit point event");
sudo_warnx("%s", U_("unable to add event to queue"));
}
} else {
/* No commit point, close connection immediately. */
@@ -865,8 +848,7 @@ server_shutdown(struct sudo_event_base *base)
if (ev != NULL) {
tv.tv_sec = SHUTDOWN_TIMEO;
if (sudo_ev_add(base, ev, &tv, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add shutdown event");
sudo_warnx("%s", U_("unable to add event to queue"));
}
}
}
@@ -882,6 +864,7 @@ server_msg_cb(int fd, int what, void *v)
{
struct connection_closure *closure = v;
struct connection_buffer *buf;
const char *errstr;
ssize_t nwritten;
debug_decl(server_msg_cb, SUDO_DEBUG_UTIL);
@@ -898,14 +881,12 @@ server_msg_cb(int fd, int what, void *v)
}
if (what == SUDO_EV_TIMEOUT) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"timed out writing to client (%s)", closure->ipaddr);
sudo_warnx(U_("timed out writing to client %s"), closure->ipaddr);
goto finished;
}
if ((buf = TAILQ_FIRST(&closure->write_bufs)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing write buffer");
sudo_warnx(U_("missing write buffer for client %s"), closure->ipaddr);
goto finished;
}
@@ -932,14 +913,11 @@ server_msg_cb(int fd, int what, void *v)
"SSL_write returns SSL_ERROR_WANT_WRITE");
debug_return;
case SSL_ERROR_SYSCALL:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected error during SSL_write(): %d (%s)",
err, strerror(errno));
sudo_warn("%s: SSL_write", closure->ipaddr);
goto finished;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected error during SSL_write(): %d (%s)",
err, ERR_error_string(ERR_get_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx("%s: SSL_write: %s", closure->ipaddr, errstr);
goto finished;
}
}
@@ -950,8 +928,7 @@ server_msg_cb(int fd, int what, void *v)
}
if (nwritten == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to send %u bytes", buf->len - buf->off);
sudo_warn("%s: write", closure->ipaddr);
goto finished;
}
buf->off += nwritten;
@@ -987,6 +964,9 @@ client_msg_cb(int fd, int what, void *v)
{
struct connection_closure *closure = v;
struct connection_buffer *buf = &closure->read_buf;
const char *source = closure->journal_path ? closure->journal_path :
closure->ipaddr;
const char *errstr;
uint32_t msg_len;
ssize_t nread;
debug_decl(client_msg_cb, SUDO_DEBUG_UTIL);
@@ -999,8 +979,7 @@ client_msg_cb(int fd, int what, void *v)
}
if (what == SUDO_EV_TIMEOUT) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"timed out reading from client (%s)", closure->ipaddr);
sudo_warnx(U_("timed out reading from client %s"), closure->ipaddr);
goto close_connection;
}
@@ -1028,8 +1007,7 @@ client_msg_cb(int fd, int what, void *v)
/* Enable a temporary write event. */
if (sudo_ev_add(closure->evbase, closure->write_ev,
logsrvd_conf_server_timeout(), false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add event to queue");
sudo_warnx("%s", U_("unable to add event to queue"));
closure->errstr = _("unable to allocate memory");
goto send_error;
}
@@ -1041,20 +1019,16 @@ client_msg_cb(int fd, int what, void *v)
case SSL_ERROR_SYSCALL:
if (nread == 0) {
/* EOF, handled below */
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"EOF from %s without proper TLS shutdown",
sudo_warnx(U_("EOF from %s without proper TLS shutdown"),
closure->ipaddr);
break;
}
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"SSL_read from %s: %s", closure->ipaddr,
strerror(errno));
sudo_warn("%s: SSL_read", closure->ipaddr);
goto close_connection;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected error during SSL_read(): %d (%s)",
err, ERR_error_string(ERR_get_error(), NULL));
goto close_connection;
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx("%s: SSL_read: %s", closure->ipaddr, errstr);
goto close_connection;
}
}
} else
@@ -1069,8 +1043,7 @@ client_msg_cb(int fd, int what, void *v)
case -1:
if (errno == EAGAIN)
debug_return;
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to receive %u bytes", buf->size - buf->len);
sudo_warn("%s: read", closure->ipaddr);
goto close_connection;
case 0:
if (closure->state != FINISHED) {
@@ -1089,8 +1062,7 @@ client_msg_cb(int fd, int what, void *v)
msg_len = ntohl(msg_len);
if (msg_len > MESSAGE_SIZE_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"client message too large: %u", msg_len);
sudo_warnx(U_("client message too large: %zu"), (size_t)msg_len);
closure->errstr = _("client message too large");
goto send_error;
}
@@ -1109,8 +1081,7 @@ client_msg_cb(int fd, int what, void *v)
"%s: parsing ClientMessage, size %u", __func__, msg_len);
buf->off += sizeof(msg_len);
if (!handle_client_message(buf->data + buf->off, msg_len, closure)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to parse ClientMessage, size %u", msg_len);
sudo_warnx(U_("%s: %s"), source, U_("invalid ClientMessage"));
closure->errstr = _("invalid ClientMessage");
goto send_error;
}
@@ -1156,15 +1127,11 @@ schedule_commit_point(TimeSpec *commit_point,
"%s: sending commit point [%lld, %ld]", __func__,
(long long)commit_point->tv_sec, (long)commit_point->tv_nsec);
if (!fmt_server_message(closure, &msg)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to format ServerMessage (commit point)");
if (!fmt_server_message(closure, &msg))
goto bad;
}
if (sudo_ev_add(closure->evbase, closure->write_ev,
logsrvd_conf_server_timeout(), false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
goto bad;
}
}
@@ -1302,11 +1269,11 @@ static void
tls_handshake_cb(int fd, int what, void *v)
{
struct connection_closure *closure = v;
const char *errstr;
debug_decl(tls_handshake_cb, SUDO_DEBUG_UTIL);
if (what == SUDO_EV_TIMEOUT) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"TLS handshake timed out");
sudo_warnx("TLS handshake with %s timed out", closure->ipaddr);
goto bad;
}
@@ -1332,8 +1299,7 @@ tls_handshake_cb(int fd, int what, void *v)
}
if (sudo_ev_add(closure->evbase, closure->ssl_accept_ev,
logsrvd_conf_server_timeout(), false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add ssl_accept_ev to queue");
sudo_warnx("%s", U_("unable to add event to queue"));
goto bad;
}
debug_return;
@@ -1351,20 +1317,16 @@ tls_handshake_cb(int fd, int what, void *v)
}
if (sudo_ev_add(closure->evbase, closure->ssl_accept_ev,
logsrvd_conf_server_timeout(), false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add ssl_accept_ev to queue");
sudo_warnx("%s", U_("unable to add event to queue"));
goto bad;
}
debug_return;
case SSL_ERROR_SYSCALL:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected error during TLS handshake: %d (%s)",
err, strerror(errno));
sudo_warn("%s: SSL_accept", closure->ipaddr);
goto bad;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected error during TLS handshake: %d (%s)",
err, ERR_error_string(ERR_get_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx("%s: SSL_accept: %s", closure->ipaddr, errstr);
goto bad;
}
@@ -1398,6 +1360,7 @@ new_connection(int sock, bool tls, const struct sockaddr *sa,
struct sudo_event_base *evbase)
{
struct connection_closure *closure;
const char *errstr;
debug_decl(new_connection, SUDO_DEBUG_UTIL);
if ((closure = connection_closure_alloc(sock, tls, false, evbase)) == NULL)
@@ -1427,16 +1390,14 @@ new_connection(int sock, bool tls, const struct sockaddr *sa,
if (tls) {
/* Create the SSL object for the closure and attach it to the socket */
if ((closure->ssl = SSL_new(logsrvd_server_tls_ctx())) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to create new ssl object: %s",
ERR_error_string(ERR_get_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx(U_("%s: %s"), "SSL_new", errstr);
goto bad;
}
if (SSL_set_fd(closure->ssl, closure->sock) != 1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to set fd for TLS: %s",
ERR_error_string(ERR_get_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx(U_("%s: %s"), "SSL_set_fd", errstr);
goto bad;
}
@@ -1444,15 +1405,16 @@ new_connection(int sock, bool tls, const struct sockaddr *sa,
available during hostname matching
*/
if (SSL_set_ex_data(closure->ssl, 1, closure) <= 0) {
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx(U_("Unable to attach user data to the ssl object: %s"),
ERR_error_string(ERR_get_error(), NULL));
errstr);
goto bad;
}
/* Enable SSL_accept to begin handshake with client. */
if (sudo_ev_add(evbase, closure->ssl_accept_ev,
logsrvd_conf_server_timeout(), false) == -1) {
sudo_fatal("%s", U_("unable to add event to queue"));
sudo_warnx("%s", U_("unable to add event to queue"));
goto bad;
}
}
@@ -1538,8 +1500,7 @@ listener_cb(int fd, int what, void *v)
int keepalive = 1;
if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &keepalive,
sizeof(keepalive)) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to set SO_KEEPALIVE option");
sudo_warn("SO_KEEPALIVE");
}
}
if (!new_connection(sock, l->tls, &s_un.sa, evbase)) {
@@ -1548,10 +1509,8 @@ listener_cb(int fd, int what, void *v)
"unable to start new connection");
}
} else {
if (errno != EAGAIN) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to accept new connection");
}
if (errno != EAGAIN)
sudo_warn("accept");
/* TODO: pause accepting on ENFILE and EMFILE */
}
@@ -1745,8 +1704,7 @@ signal_cb(int signo, int what, void *v)
server_dump_stats();
break;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected signal %d", signo);
sudo_warnx(U_("unexpected signal %d"), signo);
break;
}

34
logsrvd/logsrvd_conf.c
View File

@@ -366,8 +366,7 @@ cb_iolog_user(struct logsrvd_config *config, const char *user, size_t offset)
debug_decl(cb_iolog_user, SUDO_DEBUG_UTIL);
if ((pw = getpwnam(user)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unknown user %s", user);
sudo_warnx(U_("unknown user %s"), user);
debug_return_bool(false);
}
config->iolog.uid = pw->pw_uid;
@@ -384,8 +383,7 @@ cb_iolog_group(struct logsrvd_config *config, const char *group, size_t offset)
debug_decl(cb_iolog_group, SUDO_DEBUG_UTIL);
if ((gr = getgrnam(group)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unknown group %s", group);
sudo_warnx(U_("unknown group %s"), group);
debug_return_bool(false);
}
config->iolog.gid = gr->gr_gid;
@@ -403,8 +401,7 @@ cb_iolog_mode(struct logsrvd_config *config, const char *str, size_t offset)
mode = sudo_strtomode(str, &errstr);
if (errstr != NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to parse iolog mode %s", str);
sudo_warnx(U_("unable to parse iolog mode %s"), str);
debug_return_bool(false);
}
config->iolog.mode = mode;
@@ -421,8 +418,7 @@ cb_iolog_maxseq(struct logsrvd_config *config, const char *str, size_t offset)
value = sudo_strtonum(str, 0, SESSID_MAX, &errstr);
if (errstr != NULL) {
if (errno != ERANGE) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"bad maxseq: %s: %s", str, errstr);
sudo_warnx(U_("invalid value for %s: %s"), "maxseq", errstr);
debug_return_bool(false);
}
/* Out of range, clamp to SESSID_MAX as documented. */
@@ -855,8 +851,7 @@ cb_syslog_server_facility(struct logsrvd_config *config, const char *str, size_t
debug_decl(cb_syslog_server_facility, SUDO_DEBUG_UTIL);
if (!sudo_str2logfac(str, &logfac)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid syslog priority %s", str);
sudo_warnx(U_("unknown syslog facility %s"), str);
debug_return_bool(false);
}
@@ -872,8 +867,7 @@ cb_syslog_facility(struct logsrvd_config *config, const char *str, size_t offset
debug_decl(cb_syslog_facility, SUDO_DEBUG_UTIL);
if (!sudo_str2logfac(str, &logfac)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid syslog priority %s", str);
sudo_warnx(U_("unknown syslog facility %s"), str);
debug_return_bool(false);
}
@@ -889,8 +883,7 @@ cb_syslog_acceptpri(struct logsrvd_config *config, const char *str, size_t offse
debug_decl(cb_syslog_acceptpri, SUDO_DEBUG_UTIL);
if (!sudo_str2logpri(str, &logpri)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid syslog priority %s", str);
sudo_warnx(U_("unknown syslog priority %s"), str);
debug_return_bool(false);
}
@@ -905,8 +898,10 @@ cb_syslog_rejectpri(struct logsrvd_config *config, const char *str, size_t offse
int logpri;
debug_decl(cb_syslog_rejectpri, SUDO_DEBUG_UTIL);
if (!sudo_str2logpri(str, &logpri))
if (!sudo_str2logpri(str, &logpri)) {
sudo_warnx(U_("unknown syslog priority %s"), str);
debug_return_bool(false);
}
config->syslog.rejectpri = logpri;
@@ -920,8 +915,7 @@ cb_syslog_alertpri(struct logsrvd_config *config, const char *str, size_t offset
debug_decl(cb_syslog_alertpri, SUDO_DEBUG_UTIL);
if (!sudo_str2logpri(str, &logpri)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid syslog priority %s", str);
sudo_warnx(U_("unknown syslog priority %s"), str);
debug_return_bool(false);
}
@@ -1176,8 +1170,7 @@ logsrvd_open_log_file(const char *path, int flags)
fd = open(path, flags, S_IRUSR|S_IWUSR);
(void)umask(oldmask);
if (fd == -1 || (fp = fdopen(fd, omode)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to open log file %s", path);
sudo_warn(U_("unable to open log file %s"), path);
if (fd != -1)
close(fd);
}
@@ -1328,9 +1321,8 @@ logsrvd_conv_syslog(int num_msgs, const struct sudo_conv_message msgs[],
bufsize += 1024;
char *tmp = realloc(buf, bufsize);
if (tmp == NULL) {
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
free(buf);
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to allocate memory");
debug_return_int(-1);
}
buf = tmp;

80
logsrvd/logsrvd_journal.c
View File

@@ -49,6 +49,7 @@
#include "sudo_debug.h"
#include "sudo_event.h"
#include "sudo_eventlog.h"
#include "sudo_fatal.h"
#include "sudo_gettext.h"
#include "sudo_iolog.h"
#include "sudo_util.h"
@@ -67,8 +68,7 @@ journal_fdopen(int fd, const char *journal_path,
closure->journal_path = strdup(journal_path);
if (closure->journal_path == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to allocate memory");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_bool(false);
}
@@ -92,8 +92,8 @@ journal_mkstemp(const char *parent_dir, char *pathbuf, int pathlen)
logsrvd_conf_relay_dir(), parent_dir, RELAY_TEMPLATE);
if (len >= pathlen) {
errno = ENAMETOOLONG;
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"%s/%s/%s", logsrvd_conf_relay_dir(), parent_dir, RELAY_TEMPLATE);
sudo_warn("%s/%s/%s", logsrvd_conf_relay_dir(), parent_dir,
RELAY_TEMPLATE);
debug_return_int(-1);
}
if (!sudo_mkdir_parents(pathbuf, ROOT_UID, ROOT_GID,
@@ -103,8 +103,7 @@ journal_mkstemp(const char *parent_dir, char *pathbuf, int pathlen)
debug_return_int(-1);
}
if ((fd = mkstemp(pathbuf)) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to create journal file %s", pathbuf);
sudo_warn(U_("%s: %s"), "mkstemp", pathbuf);
debug_return_int(-1);
}
@@ -127,8 +126,7 @@ journal_create(struct connection_closure *closure)
debug_return_bool(false);
}
if (!sudo_lock_file(fd, SUDO_TLOCK)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to lock journal file %s", journal_path);
sudo_warn(U_("unable to lock %s"), journal_path);
unlink(journal_path);
close(fd);
closure->errstr = _("unable to lock journal file");
@@ -139,7 +137,7 @@ journal_create(struct connection_closure *closure)
"unable to fdopen journal file %s", journal_path);
unlink(journal_path);
close(fd);
closure->errstr = _("unable to allocate memory");
closure->errstr = _("unable to open journal file");
debug_return_bool(false);
}
@@ -173,8 +171,8 @@ journal_finish(struct connection_closure *closure)
}
close(fd);
if (rename(closure->journal_path, outgoing_path) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to rename %s -> %s", closure->journal_path, outgoing_path);
sudo_warn(U_("unable to rename %s to %s"), closure->journal_path,
outgoing_path);
closure->errstr = _("unable to rename journal file");
unlink(outgoing_path);
debug_return_bool(false);
@@ -191,8 +189,7 @@ journal_finish(struct connection_closure *closure)
free(closure->journal_path);
closure->journal_path = strdup(outgoing_path);
if (closure->journal_path == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to strdup new journal path %s", outgoing_path);
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
closure->errstr = _("unable to allocate memory");
debug_return_bool(false);
}
@@ -221,19 +218,21 @@ journal_seek(struct timespec *target, struct connection_closure *closure)
/* Read message size (uint32_t in network byte order). */
nread = fread(&msg_len, sizeof(msg_len), 1, closure->journal);
if (nread != 1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to read message length from %s", closure->journal_path);
if (feof(closure->journal))
if (feof(closure->journal)) {
sudo_warnx(U_("%s: %s"), closure->journal_path,
U_("unexpected EOF reading journal file"));
closure->errstr = _("unexpected EOF reading journal file");
else
} else {
sudo_warn(U_("%s: %s"), closure->journal_path,
U_("error reading journal file"));
closure->errstr = _("error reading journal file");
}
break;
}
msg_len = ntohl(msg_len);
if (msg_len > MESSAGE_SIZE_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s: client message too large %u > %u",
closure->journal_path, msg_len, MESSAGE_SIZE_MAX);
sudo_warnx(U_("%s: %s"), closure->journal_path,
U_("client message too large"));
closure->errstr = _("client message too large");
break;
}
@@ -254,12 +253,15 @@ journal_seek(struct timespec *target, struct connection_closure *closure)
nread = fread(buf, msg_len, 1, closure->journal);
if (nread != 1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to read message from %s", closure->journal_path);
if (feof(closure->journal))
if (feof(closure->journal)) {
sudo_warnx(U_("%s: %s"), closure->journal_path,
U_("unexpected EOF reading journal file"));
closure->errstr = _("unexpected EOF reading journal file");
else
} else {
sudo_warn(U_("%s: %s"), closure->journal_path,
U_("error reading journal file"));
closure->errstr = _("error reading journal file");
}
break;
}
}
@@ -267,8 +269,8 @@ journal_seek(struct timespec *target, struct connection_closure *closure)
client_message__free_unpacked(msg, NULL);
msg = client_message__unpack(NULL, msg_len, buf);
if (msg == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to unpack ClientMessage size %u", msg_len);
sudo_warnx("unable to unpack %s size %zu", "ClientMessage",
(size_t)msg_len);
closure->errstr = _("invalid journal file, unable to restart");
break;
}
@@ -341,8 +343,8 @@ journal_seek(struct timespec *target, struct connection_closure *closure)
(long long)delay->tv_sec, (long)delay->tv_nsec);
break;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected type_case value %d", msg->type_case);
sudo_warnx(U_("unexpected type_case value %d in %s from %s"),
msg->type_case, "ClientMessage", closure->journal_path);
break;
}
if (delay != NULL) {
@@ -361,10 +363,9 @@ journal_seek(struct timespec *target, struct connection_closure *closure)
/* Mismatch between resume point and stored log. */
closure->errstr = _("invalid journal file, unable to restart");
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to find resume point [%lld, %ld] in %s",
(long long)target->tv_sec, target->tv_nsec,
closure->journal_path);
sudo_warnx(U_("%s: unable to find resume point [%lld, %ld]"),
closure->journal_path, (long long)target->tv_sec,
target->tv_nsec);
break;
}
}
@@ -400,20 +401,17 @@ journal_restart(RestartMessage *msg, uint8_t *buf, size_t buflen,
logsrvd_conf_relay_dir(), cp);
if (len >= ssizeof(journal_path)) {
errno = ENAMETOOLONG;
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"%s/incoming/%s", logsrvd_conf_relay_dir(), cp);
sudo_warn("%s/incoming/%s", logsrvd_conf_relay_dir(), cp);
closure->errstr = _("unable to create journal file");
debug_return_bool(false);
}
if ((fd = open(journal_path, O_RDWR)) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to open journal file %s", journal_path);
sudo_warn(U_("unable to open %s"), journal_path);
closure->errstr = _("unable to create journal file");
debug_return_bool(false);
}
if (!journal_fdopen(fd, journal_path, closure)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to fdopen journal file %s", journal_path);
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
close(fd);
closure->errstr = _("unable to allocate memory");
debug_return_bool(false);
@@ -423,8 +421,7 @@ journal_restart(RestartMessage *msg, uint8_t *buf, size_t buflen,
target.tv_sec = msg->resume_point->tv_sec;
target.tv_nsec = msg->resume_point->tv_nsec;
if (!journal_seek(&target, closure)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to seek to [%lld, %ld] in journal file %s",
sudo_warn(U_("unable to seek to [%lld, %ld] in journal file %s"),
(long long)target.tv_sec, target.tv_nsec, journal_path);
debug_return_bool(false);
}
@@ -473,8 +470,7 @@ journal_accept(AcceptMessage *msg, uint8_t *buf, size_t len,
debug_return_bool(false);
if (sudo_ev_add(closure->evbase, closure->write_ev,
logsrvd_conf_server_timeout(), false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
debug_return_bool(false);
}
}

55
logsrvd/logsrvd_local.c
View File

@@ -49,6 +49,7 @@
#include "sudo_debug.h"
#include "sudo_event.h"
#include "sudo_eventlog.h"
#include "sudo_fatal.h"
#include "sudo_gettext.h"
#include "sudo_json.h"
#include "sudo_iolog.h"
@@ -121,8 +122,8 @@ logsrvd_json_log_cb(struct json_container *json, void *v)
break;
}
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected value case %d", info->value_case);
sudo_warnx(U_("unexpected type_case value %d in %s from %s"),
info->value_case, "InfoMessage", "local");
goto bad;
}
}
@@ -171,8 +172,7 @@ store_accept_local(AcceptMessage *msg, uint8_t *buf, size_t len,
debug_return_bool(false);
if (sudo_ev_add(closure->evbase, closure->write_ev,
logsrvd_conf_server_timeout(), false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
debug_return_bool(false);
}
}
@@ -228,8 +228,8 @@ store_exit_local(ExitMessage *msg, uint8_t *buf, size_t len,
mode = logsrvd_conf_iolog_mode();
CLR(mode, S_IWUSR|S_IWGRP|S_IWOTH);
if (fchmodat(closure->iolog_dir_fd, "timing", mode, 0) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to fchmodat timing file");
sudo_warn("chmod 0%o %s/%s", mode, "timing",
logsrvd_conf_iolog_dir());
}
}
@@ -251,15 +251,13 @@ store_restart_local(RestartMessage *msg, uint8_t *buf, size_t len,
/* We must allocate closure->evlog for iolog_path. */
closure->evlog = calloc(1, sizeof(*closure->evlog));
if (closure->evlog == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"calloc(1, %zu)", sizeof(*closure->evlog));
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
closure->errstr = _("unable to allocate memory");
goto bad;
}
closure->evlog->iolog_path = strdup(msg->log_id);
if (closure->evlog->iolog_path == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"strdup");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
closure->errstr = _("unable to allocate memory");
goto bad;
}
@@ -268,20 +266,18 @@ store_restart_local(RestartMessage *msg, uint8_t *buf, size_t len,
closure->iolog_dir_fd =
iolog_openat(AT_FDCWD, closure->evlog->iolog_path, O_RDONLY);
if (closure->iolog_dir_fd == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"%s", closure->evlog->iolog_path);
sudo_warn("%s", closure->evlog->iolog_path);
goto bad;
}
/* If the timing file write bit is clear, log is already complete. */
if (fstatat(closure->iolog_dir_fd, "timing", &sb, 0) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to stat %s/timing", closure->evlog->iolog_path);
sudo_warn("%s/timing", closure->evlog->iolog_path);
goto bad;
}
if (!ISSET(sb.st_mode, S_IWUSR)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"%s already complete", closure->evlog->iolog_path);
sudo_warn(U_("%s: %s"), closure->evlog->iolog_path,
U_("log is already complete, cannot be restarted"));
closure->errstr = _("log is already complete, cannot be restarted");
goto bad;
}
@@ -304,8 +300,7 @@ store_restart_local(RestartMessage *msg, uint8_t *buf, size_t len,
/* Must seek or flush before switching from read -> write. */
if (iolog_seek(&closure->iolog_files[IOFD_TIMING], 0, SEEK_CUR) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"lseek(IOFD_TIMING, 0, SEEK_CUR)");
sudo_warn("%s/timing", closure->evlog->iolog_path);
goto bad;
}
@@ -365,25 +360,22 @@ store_iobuf_local(int iofd, IoBuffer *iobuf, uint8_t *buf, size_t buflen,
iofd, (long long)iobuf->delay->tv_sec, (int)iobuf->delay->tv_nsec,
iobuf->data.len);
if (len < 0 || len >= ssizeof(tbuf)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to format timing buffer, len %d", len);
sudo_warnx(U_("unable to format timing buffer, length %d"), len);
goto bad;
}
/* Write to specified I/O log file. */
if (!iolog_write(&closure->iolog_files[iofd], iobuf->data.data,
iobuf->data.len, &errstr)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to write to %s/%s: %s", evlog->iolog_path,
iolog_fd_to_name(iofd), errstr);
sudo_warnx(U_("%s/%s: %s"), evlog->iolog_path, iolog_fd_to_name(iofd),
errstr);
goto bad;
}
/* Write timing data. */
if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf,
len, &errstr)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to write to %s/%s: %s", evlog->iolog_path,
sudo_warnx(U_("%s/%s: %s"), evlog->iolog_path,
iolog_fd_to_name(IOFD_TIMING), errstr);
goto bad;
}
@@ -421,16 +413,14 @@ store_winsize_local(ChangeWindowSize *msg, uint8_t *buf, size_t buflen,
(long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec,
msg->rows, msg->cols);
if (len < 0 || len >= ssizeof(tbuf)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to format timing buffer, len %d", len);
sudo_warnx(U_("unable to format timing buffer, length %d"), len);
goto bad;
}
/* Write timing data. */
if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf,
len, &errstr)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to write to %s/%s: %s", closure->evlog->iolog_path,
sudo_warnx(U_("%s/%s: %s"), closure->evlog->iolog_path,
iolog_fd_to_name(IOFD_TIMING), errstr);
goto bad;
}
@@ -458,17 +448,14 @@ store_suspend_local(CommandSuspend *msg, uint8_t *buf, size_t buflen,
(long long)msg->delay->tv_sec, (int)msg->delay->tv_nsec,
msg->signal);
if (len < 0 || len >= ssizeof(tbuf)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to format timing buffer, len %d, signal %s",
len, msg->signal);
sudo_warnx(U_("unable to format timing buffer, length %d"), len);
goto bad;
}
/* Write timing data. */
if (!iolog_write(&closure->iolog_files[IOFD_TIMING], tbuf,
len, &errstr)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to write to %s/%s: %s", closure->evlog->iolog_path,
sudo_warnx(U_("%s/%s: %s"), closure->evlog->iolog_path,
iolog_fd_to_name(IOFD_TIMING), errstr);
goto bad;
}

29
logsrvd/logsrvd_queue.c
View File

@@ -50,6 +50,7 @@
#include "sudo_debug.h"
#include "sudo_event.h"
#include "sudo_eventlog.h"
#include "sudo_fatal.h"
#include "sudo_gettext.h"
#include "sudo_iolog.h"
#include "sudo_queue.h"
@@ -101,16 +102,14 @@ outgoing_queue_cb(int unused, int what, void *v)
continue;
}
if (!sudo_lock_file(fd, SUDO_TLOCK)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to lock fd %d (%s)", fd, oj->journal_path);
sudo_warn(U_("unable to lock %s"), oj->journal_path);
close(fd);
continue;
}
fp = fdopen(fd, "r");
if (fp == NULL) {
sudo_warn(U_("unable to open %s"), oj->journal_path);
close(fd);
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to fdopen %s", oj->journal_path);
break;
}
@@ -129,8 +128,7 @@ outgoing_queue_cb(int unused, int what, void *v)
success = connect_relay(closure);
if (!success) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to connect to relay");
sudo_warnx(U_("unable to connect to relay"));
connection_close(closure);
}
break;
@@ -153,14 +151,13 @@ logsrvd_queue_enable(time_t timeout, struct sudo_event_base *evbase)
outgoing_queue_event = sudo_ev_alloc(-1, SUDO_EV_TIMEOUT,
outgoing_queue_cb, evbase);
if (outgoing_queue_event == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to allocate memory");
sudo_warnx(U_("%s: %s"), __func__,
U_("unable to allocate memory"));
debug_return_bool(false);
}
}
if (sudo_ev_add(evbase, outgoing_queue_event, &tv, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
debug_return_bool(false);
}
}
@@ -185,8 +182,7 @@ logsrvd_queue_insert(struct connection_closure *closure)
}
if ((oj = malloc(sizeof(*oj))) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to allocate memory");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
debug_return_bool(false);
}
oj->journal_path = closure->journal_path;
@@ -222,8 +218,7 @@ logsrvd_queue_scan(struct sudo_event_base *evbase)
logsrvd_conf_relay_dir(), RELAY_TEMPLATE);
if (dirlen >= ssizeof(path)) {
errno = ENAMETOOLONG;
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"%s/outgoing/%s", logsrvd_conf_relay_dir(), RELAY_TEMPLATE);
sudo_warn("%s/outgoing/%s", logsrvd_conf_relay_dir(), RELAY_TEMPLATE);
debug_return_bool(false);
}
dirlen -= sizeof(RELAY_TEMPLATE) - 1;
@@ -231,8 +226,7 @@ logsrvd_queue_scan(struct sudo_event_base *evbase)
dirp = opendir(path);
if (dirp == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to opendir %s", path);
sudo_warn("opendir %s", path);
debug_return_bool(false);
}
prefix_len = strcspn(RELAY_TEMPLATE, "X");
@@ -265,8 +259,7 @@ logsrvd_queue_scan(struct sudo_event_base *evbase)
debug_return_bool(true);
oom:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to allocate memory");
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
closedir(dirp);
debug_return_bool(false);
}

112
logsrvd/logsrvd_relay.c
View File

@@ -57,6 +57,7 @@
#include "sudo_eventlog.h"
#include "sudo_gettext.h"
#include "sudo_iolog.h"
#include "sudo_fatal.h"
#include "sudo_queue.h"
#include "sudo_util.h"
@@ -166,8 +167,7 @@ relay_enqueue_write(uint8_t *msgbuf, size_t len,
buf->len = sizeof(msg_len) + len;
if (sudo_ev_add(closure->evbase, relay_closure->write_ev, NULL, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
goto done;
}
@@ -200,8 +200,7 @@ fmt_client_message(struct connection_closure *closure, ClientMessage *msg)
len = client_message__get_packed_size(msg);
if (len > MESSAGE_SIZE_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"client message too large: %zu", len);
sudo_warnx(U_("client message too large: %zu"), len);
goto done;
}
@@ -245,13 +244,11 @@ fmt_client_hello(struct connection_closure *closure)
ret = fmt_client_message(closure, &client_msg);
if (ret) {
if (sudo_ev_add(closure->evbase, relay_closure->read_ev, NULL, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server read event");
sudo_warnx("%s", U_("unable to add event to queue"));
ret = false;
}
if (sudo_ev_add(closure->evbase, relay_closure->write_ev, NULL, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
ret = false;
}
}
@@ -324,22 +321,19 @@ connect_relay_next(struct connection_closure *closure)
sock = socket(relay->sa_un.sa.sa_family, SOCK_STREAM, 0);
if (sock == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to allocate relay socket");
sudo_warn("socket");
goto bad;
}
if (logsrvd_conf_relay_tcp_keepalive()) {
int keepalive = 1;
if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &keepalive,
sizeof(keepalive)) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"unable to set SO_KEEPALIVE option");
sudo_warn("SO_KEEPALIVE");
}
}
ret = fcntl(sock, F_GETFL, 0);
if (ret == -1 || fcntl(sock, F_SETFL, ret | O_NONBLOCK) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"fcntl(O_NONBLOCK) failed");
sudo_warn("fcntl(O_NONBLOCK)");
goto bad;
}
@@ -355,9 +349,8 @@ connect_relay_next(struct connection_closure *closure)
addr = (char *)&relay->sa_un.sin6.sin6_addr;
break;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unsupported address family from connect(): %d",
relay->sa_un.sa.sa_family);
errno = EAFNOSUPPORT;
sudo_warn("connect");
goto bad;
}
inet_ntop(relay->sa_un.sa.sa_family, addr,
@@ -389,8 +382,7 @@ connect_relay_next(struct connection_closure *closure)
goto bad;
if (sudo_ev_add(closure->evbase, relay_closure->connect_ev,
logsrvd_conf_relay_connect_timeout(), false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server connect event");
sudo_warnx("%s", U_("unable to add event to queue"));
goto bad;
}
if (relay_closure->sock != -1)
@@ -507,16 +499,16 @@ handle_server_hello(ServerHello *msg, struct connection_closure *closure)
debug_decl(handle_server_hello, SUDO_DEBUG_UTIL);
if (closure->state != INITIAL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d", closure->state);
sudo_warnx(U_("unexpected state %d for %s"), closure->state,
relay_closure->relay_name.ipaddr);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
/* Check that ServerHello is valid. */
if (msg->server_id == NULL || msg->server_id[0] == '\0') {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"invalid ServerHello, missing server_id");
sudo_warnx(U_("%s: invalid ServerHello, missing server_id"),
relay_closure->relay_name.ipaddr);
closure->errstr = _("invalid ServerHello");
debug_return_bool(false);
}
@@ -540,8 +532,8 @@ handle_commit_point(TimeSpec *commit_point, struct connection_closure *closure)
debug_decl(handle_commit_point, SUDO_DEBUG_UTIL);
if (closure->state < RUNNING) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d", closure->state);
sudo_warnx(U_("unexpected state %d for %s"), closure->state,
closure->relay_closure->relay_name.ipaddr);
closure->errstr = _("state machine error");
debug_return_bool(false);
}
@@ -578,8 +570,7 @@ handle_log_id(char *id, struct connection_closure *closure)
if (fmt_log_id_message(id, closure)) {
if (sudo_ev_add(closure->evbase, closure->write_ev,
logsrvd_conf_relay_timeout(), false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
} else {
ret = true;
}
@@ -650,8 +641,7 @@ handle_server_message(uint8_t *buf, size_t len, struct connection_closure *closu
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: unpacking ServerMessage", __func__);
msg = server_message__unpack(NULL, len, buf);
if (msg == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to unpack ServerMessage size %zu", len);
sudo_warnx("unable to unpack %s size %zu", "ServerMessage", len);
debug_return_bool(false);
}
@@ -675,9 +665,10 @@ handle_server_message(uint8_t *buf, size_t len, struct connection_closure *closu
ret = handle_server_abort(msg->u.abort, closure);
break;
default:
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected type_case value %d", msg->type_case);
closure->errstr = _("unrecognized ServerMessage type");
sudo_warnx(U_("unexpected type_case value %d in %s from %s"),
msg->type_case, "ServerMessage",
closure->relay_closure->relay_name.ipaddr);
closure->errstr = _("unrecognized ServerMessage type");
break;
}
@@ -706,8 +697,7 @@ relay_server_msg_cb(int fd, int what, void *v)
}
if (what == SUDO_EV_TIMEOUT) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"timed out reading from relay %s (%s)",
sudo_warnx(U_("timed out reading from relay %s (%s)"),
relay_closure->relay_name.name, relay_closure->relay_name.ipaddr);
closure->errstr = _("timeout reading from relay");
goto send_error;
@@ -741,8 +731,7 @@ relay_server_msg_cb(int fd, int what, void *v)
if (!sudo_ev_pending(relay_closure->write_ev, SUDO_EV_WRITE, NULL)) {
/* Enable a temporary write event. */
if (sudo_ev_add(closure->evbase, relay_closure->write_ev, NULL, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
closure->errstr = _("unable to allocate memory");
goto send_error;
}
@@ -767,32 +756,22 @@ relay_server_msg_cb(int fd, int what, void *v)
errstr = ERR_reason_error_string(err);
closure->errstr = _("error reading from relay");
}
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"SSL_read from %s (%s): %s",
relay_closure->relay_name.name,
sudo_warnx("%s: SSL_read: %s",
relay_closure->relay_name.ipaddr, errstr);
goto send_error;
case SSL_ERROR_SYSCALL:
if (nread == 0) {
/* EOF, handled below */
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"EOF from %s (%s) without proper TLS shutdown",
relay_closure->relay_name.name,
sudo_warnx(U_("EOF from %s without proper TLS shutdown"),
relay_closure->relay_name.ipaddr);
break;
}
errstr = strerror(errno);
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"SSL_read from %s (%s): %s",
relay_closure->relay_name.name,
relay_closure->relay_name.ipaddr, errstr);
sudo_warn("%s: SSL_read", relay_closure->relay_name.ipaddr);
closure->errstr = _("error reading from relay");
goto send_error;
default:
errstr = ERR_reason_error_string(ERR_get_error());
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"SSL_read from %s (%s): %s",
relay_closure->relay_name.name,
sudo_warnx("%s: SSL_read: %s",
relay_closure->relay_name.ipaddr, errstr);
closure->errstr = _("error reading from relay");
goto send_error;
@@ -814,9 +793,7 @@ relay_server_msg_cb(int fd, int what, void *v)
case -1:
if (errno == EAGAIN)
debug_return;
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"read from %s (%s)", relay_closure->relay_name.name,
relay_closure->relay_name.ipaddr);
sudo_warn("%s: read", relay_closure->relay_name.ipaddr);
closure->errstr = _("unable to read from relay");
goto send_error;
case 0:
@@ -848,8 +825,7 @@ relay_server_msg_cb(int fd, int what, void *v)
msg_len = ntohl(msg_len);
if (msg_len > MESSAGE_SIZE_MAX) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"server message too large: %u", msg_len);
sudo_warnx(U_("server message too large: %zu"), (size_t)msg_len);
closure->errstr = _("server message too large");
goto send_error;
}
@@ -914,16 +890,15 @@ relay_client_msg_cb(int fd, int what, void *v)
}
if (what == SUDO_EV_TIMEOUT) {
closure->errstr = _("timeout writing to relay");
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"timed out writing to relay %s (%s)",
sudo_warnx(U_("timed out writing to relay %s (%s)"),
relay_closure->relay_name.name, relay_closure->relay_name.ipaddr);
closure->errstr = _("timeout writing to relay");
goto send_error;
}
if ((buf = TAILQ_FIRST(&relay_closure->write_bufs)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"missing write buffer");
sudo_warnx(U_("missing write buffer for client %s"),
relay_closure->relay_name.ipaddr);
goto close_connection;
}
@@ -968,17 +943,13 @@ relay_client_msg_cb(int fd, int what, void *v)
debug_return;
case SSL_ERROR_SYSCALL:
errstr = strerror(errno);
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"SSL_write to %s (%s): %s",
relay_closure->relay_name.name,
relay_closure->relay_name.ipaddr, errstr);
sudo_warn("%s: SSL_write",
relay_closure->relay_name.ipaddr);
closure->errstr = _("error writing to relay");
goto send_error;
default:
errstr = ERR_reason_error_string(ERR_get_error());
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"SSL_write to %s (%s): %s",
relay_closure->relay_name.name,
sudo_warnx("%s: SSL_write: %s",
relay_closure->relay_name.ipaddr, errstr);
closure->errstr = _("error writing to relay");
goto send_error;
@@ -989,9 +960,7 @@ relay_client_msg_cb(int fd, int what, void *v)
{
nwritten = write(fd, buf->data + buf->off, buf->len - buf->off);
if (nwritten == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO|SUDO_DEBUG_ERRNO,
"write to %s (%s)", relay_closure->relay_name.name,
relay_closure->relay_name.ipaddr);
sudo_warn("%s: write", relay_closure->relay_name.ipaddr);
closure->errstr = _("error writing to relay");
goto send_error;
}
@@ -1142,8 +1111,7 @@ relay_restart(RestartMessage *msg, uint8_t *buf, size_t len,
ret = fmt_client_message(closure, &client_msg);
if (ret) {
if (sudo_ev_add(evbase, relay_closure->write_ev, NULL, false) == -1) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to add server write event");
sudo_warnx("%s", U_("unable to add event to queue"));
ret = false;
}
}

5
logsrvd/sendlog.c
View File

@@ -299,8 +299,7 @@ fmt_client_message(struct connection_buffer *buf, ClientMessage *msg)
free(buf->data);
buf->size = sudo_pow2_roundup(len);
if ((buf->data = malloc(buf->size)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to malloc %u", buf->size);
sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
buf->size = 0;
goto done;
}
@@ -1055,7 +1054,7 @@ handle_server_message(uint8_t *buf, size_t len,
sudo_debug_printf(SUDO_DEBUG_INFO, "%s: unpacking ServerMessage", __func__);
msg = server_message__unpack(NULL, len, buf);
if (msg == NULL) {
sudo_warnx("%s", U_("unable to unpack ServerMessage"));
sudo_warnx("unable to unpack %s size %zu", "ServerMessage", len);
debug_return_bool(false);
}

26
logsrvd/tls_init.c
View File

@@ -54,6 +54,7 @@ static bool
verify_cert_chain(SSL_CTX *ctx, const char *cert_file)
{
#ifdef HAVE_SSL_CTX_GET0_CERTIFICATE
const char *errstr;
bool ret = false;
X509_STORE_CTX *store_ctx = NULL;
X509_STORE *ca_store;
@@ -62,23 +63,20 @@ verify_cert_chain(SSL_CTX *ctx, const char *cert_file)
debug_decl(verify_cert_chain, SUDO_DEBUG_UTIL);
if ((x509 = SSL_CTX_get0_certificate(ctx)) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to get X509 object from SSL_CTX: %s",
ERR_error_string(ERR_peek_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx("SSL_CTX_get0_certificate: %s", errstr);
goto done;
}
if ((store_ctx = X509_STORE_CTX_new()) == NULL) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to allocate X509_STORE_CTX object: %s",
ERR_error_string(ERR_peek_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx("X509_STORE_CTX_new: %s", errstr);
goto done;
}
if (!SSL_CTX_get0_chain_certs(ctx, &chain_certs)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to get chain certs: %s",
ERR_error_string(ERR_peek_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx("SSL_CTX_get0_chain_certs: %s", errstr);
goto done;
}
@@ -86,16 +84,14 @@ verify_cert_chain(SSL_CTX *ctx, const char *cert_file)
X509_STORE_set_flags(ca_store, X509_V_FLAG_X509_STRICT);
if (!X509_STORE_CTX_init(store_ctx, ca_store, x509, chain_certs)) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to initialize X509_STORE_CTX object: %s",
ERR_error_string(ERR_peek_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx("X509_STORE_CTX_init: %s", errstr);
goto done;
}
if (X509_verify_cert(store_ctx) <= 0) {
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unable to verify cert %s: %s", cert_file,
ERR_error_string(ERR_peek_error(), NULL));
errstr = ERR_reason_error_string(ERR_get_error());
sudo_warnx("X509_verify_cert: %s", errstr);
goto done;
}