isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Better client error reporting on relay server connection error.

Browse Source 
More detailed error messages may be found in the debug log.
This commit is contained in:
Todd C. Miller
2021-04-27 12:25:19 -06:00
parent e55991f244
commit 6d8942e82c
1 changed files with 25 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
logsrvd/logsrvd_relay.c
View File

@@ -425,15 +425,21 @@ connect_cb(int sock, int what, void *v)
#if defined(HAVE_OPENSSL) #if defined(HAVE_OPENSSL)
/* Relay connection succeeded, start TLS handshake. */ /* Relay connection succeeded, start TLS handshake. */
if (relay_closure->relay_addr->tls) { if (relay_closure->relay_addr->tls) {
if (!connect_relay_tls(closure)) if (!connect_relay_tls(closure)) {
closure->errstr = _("TLS handshake with relay host failed");
if (!schedule_error_message(closure->errstr, closure))
connection_close(closure); connection_close(closure);
}
} else } else
#endif #endif
{ {
/* Relay connection succeeded, start talking to the client. */ /* Relay connection succeeded, start talking to the client. */
if (!start_relay(sock, closure)) if (!start_relay(sock, closure)) {
closure->errstr = _("unable to allocate memory");
if (!schedule_error_message(closure->errstr, closure))
connection_close(closure); connection_close(closure);
} }
}
} else { } else {
/* Connection failed, try next relay (if any). */ /* Connection failed, try next relay (if any). */
int res; int res;
@@ -449,7 +455,8 @@ connect_cb(int sock, int what, void *v)
} }
if (res == -1 && errno != EINPROGRESS) { if (res == -1 && errno != EINPROGRESS) {
closure->errstr = _("unable to connect to relay host"); closure->errstr = _("unable to connect to relay host");
closure->state = ERROR; if (!schedule_error_message(closure->errstr, closure))
connection_close(closure);
} }
} }
@@ -497,6 +504,7 @@ handle_server_hello(ServerHello *msg, struct connection_closure *closure)
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"unexpected state %d", closure->state); "unexpected state %d", closure->state);
closure->errstr = _("state machine error"); closure->errstr = _("state machine error");
debug_return_bool(false);
} }
/* Check that ServerHello is valid. */ /* Check that ServerHello is valid. */
@@ -745,15 +753,17 @@ relay_server_msg_cb(int fd, int what, void *v)
err = ERR_get_error(); err = ERR_get_error();
if (closure->state == INITIAL && if (closure->state == INITIAL &&
ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) { ERR_GET_REASON(err) == SSL_R_TLSV1_ALERT_INTERNAL_ERROR) {
errstr = "host name does not match certificate"; errstr = _("relay host name does not match certificate");
closure->errstr = errstr;
} else { } else {
errstr = ERR_reason_error_string(err); errstr = ERR_reason_error_string(err);
closure->errstr = _("error reading from relay");
} }
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"SSL_read from %s (%s): %s", "SSL_read from %s (%s): %s",
relay_closure->relay_name.name, relay_closure->relay_name.name,
relay_closure->relay_name.ipaddr, errstr); relay_closure->relay_name.ipaddr, errstr);
goto close_connection; goto send_error;
case SSL_ERROR_SYSCALL: case SSL_ERROR_SYSCALL:
if (nread == 0) { if (nread == 0) {
/* EOF, handled below */ /* EOF, handled below */
@@ -768,14 +778,16 @@ relay_server_msg_cb(int fd, int what, void *v)
"SSL_read from %s (%s): %s", "SSL_read from %s (%s): %s",
relay_closure->relay_name.name, relay_closure->relay_name.name,
relay_closure->relay_name.ipaddr, errstr); relay_closure->relay_name.ipaddr, errstr);
goto close_connection; closure->errstr = _("error reading from relay");
goto send_error;
default: default:
errstr = ERR_reason_error_string(ERR_get_error()); errstr = ERR_reason_error_string(ERR_get_error());
sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
"SSL_read from %s (%s): %s", "SSL_read from %s (%s): %s",
relay_closure->relay_name.name, relay_closure->relay_name.name,
relay_closure->relay_name.ipaddr, errstr); relay_closure->relay_name.ipaddr, errstr);
goto close_connection; closure->errstr = _("error reading from relay");
goto send_error;
} }
} }
} else } else
@@ -808,10 +820,10 @@ relay_server_msg_cb(int fd, int what, void *v)
if (closure->state != FINISHED) { if (closure->state != FINISHED) {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"unexpected EOF from %s (%s) [state %d]", "premature EOF from %s (%s) [state %d]",
relay_closure->relay_name.name, relay_closure->relay_name.name,
relay_closure->relay_name.ipaddr, closure->state); relay_closure->relay_name.ipaddr, closure->state);
closure->errstr = _("unexpected EOF from relay"); closure->errstr = _("relay server closed connection");
goto send_error; goto send_error;
} }
debug_return; debug_return;
@@ -927,9 +939,9 @@ relay_client_msg_cb(int fd, int what, void *v)
if (closure->state != FINISHED) { if (closure->state != FINISHED) {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
"unexpected EOF from %s (state %d)", "premature EOF from %s (state %d)",
relay_closure->relay_name.ipaddr, closure->state); relay_closure->relay_name.ipaddr, closure->state);
closure->errstr = _("unexpected EOF from relay"); closure->errstr = _("relay server closed connection");
goto send_error; goto send_error;
} }
debug_return; debug_return;