isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,262 Commits 1 Branch 0 Tags
03ad96e44580182effdb9b896938b6871bfbd8f1
Commit Graph

52 Commits

Author SHA1 Message Date
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
8da1f31954 Fix memory leak on error in fmt_info_messages(). 2020-06-06 14:08:34 -06:00
Todd C. Miller
84f0ae0cb8 Use PACKAGE_VERSION instead of 0.1 as the client and server version. 2020-05-18 11:33:13 -06:00
Todd C. Miller
27355e6aae Fix handling of accept and reject messages without an I/O log. 
Only set expect_iobufs in AcceptMessage if sending I/O logs.
Set state to FINISHED immediately after sending a RejectMessage.
 2020-05-12 19:19:16 -06:00
Todd C. Miller
d5888e2745 Add -A and -R options to test logging of accept and reject events. 
If -A is specified, no I/O will be sent, only the accept event.
For -R, a reject event with the specified reason is sent.
 2020-05-12 14:45:46 -06:00
Todd C. Miller
6901fc97ac Add a ClientHello message that client sends to the server. 
This makes it easier to detect a plaintext client sending to a
TLS port.  Without this, the TLS server will be silent as it
waits for the client to initiate the TLS connection.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
1e765e1caf Better error messages when there is a problem with the TLS connection. 
If SSL_read, SSL_write or SSL_connect fails we can use the reason
string to let the user know what the problem is.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
e5f8214c0a Remove the tls parameter from the ServerHello message. 
The TLS connection is now initiated before ServerHello is received.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
1659d96c55 Use port 30343 for plaintext and port 30344 for TLS. 
For TLS connections we now do the TLS handshake immediately before
the ServerHello message.  This lets the client recieve an alert
from the server is there is a handshake error after the TLS connect
has succeeded.  It also means that the contents of the ServerHello
are protected from a man-in-the-middle attack.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
7d621fc6f1 Plug memory leaks in sudo_sendlog 2020-05-04 11:25:47 -06:00
Todd C. Miller
aba4915b83 On error, remove the connection with an error without freeing the closure. 
Fixes the final message at the end when there is a network error.
 2020-04-30 15:54:35 -06:00
Todd C. Miller
5dec0f763f Allow -t option even without OpenSSL 
Also add -t to the usage message
 2020-04-23 14:16:02 -06:00
Todd C. Miller
0fafcf6aea Use sudo_strtonum() instead of relying on strtoll(). 
Older, pre-C99, systems may not include strtoll() in their C library.
 2020-04-23 11:15:03 -06:00
Todd C. Miller
69b6783be6 Store the result of ERR_get_error() so we can use it for both warn and debug. 
Otherwise, only the debug framework gets the actual error and the
user won't see the problem.
 2020-04-08 09:26:41 -06:00
Todd C. Miller
ea9b711a70 Write an extended I/O info log in JSON format. 
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2 iolog_parse_loginfo() now opens the log file itself. 2020-03-29 05:05:08 -06:00
Todd C. Miller
5034ea91be Some new source files got created with my old email address. 2020-03-29 05:05:08 -06:00
Todd C. Miller
f561e2cafe Store the event base in the client closure. 
Explicitly passing the event base removes the need to set a default base.
 2020-03-01 13:36:59 -07:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
630fc9b17b Make restart and elapsed members of the closure structs not pointers. 
Fixes coverity CID 207992
 2020-02-07 13:12:38 -07:00
Laszlo Orban
0ca2d1427b fixed compiler error when sudo is configured without --enable-openssl 2020-02-03 06:09:47 -07:00
Laszlo Orban
1e5562df93 Refactor sudo_sendlog in order to be able to send one I/O log multiple times in parallel (for testing purposes) 2020-01-31 13:45:13 -07:00
Laszlo Orban
9935a7e2ff Rename tls_checkpeer to tls_reqcert in ServerHello message 2020-01-23 10:12:12 -07:00
Todd C. Miller
dde86e585f Add support for building on OpenSSL 1.0.2. 
This adds compatibility defines for some OpenSSL 1.1.x functions.
 2020-01-21 13:27:40 -07:00
Todd C. Miller
2d91555e85 Fix handling of SSL_ERROR_WANT_{READ,WRITE} during normal I/O. 
If we get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume
the SSL_read(), not call SSL_write() as we were doing.  Likewise
for SSL_ERROR_WANT_READ received from SSL_write().
This introduces a flag so we call the proper callback even when
the I/O direction doesn't match the read/write calls.
 2020-01-20 12:42:39 -07:00
Todd C. Miller
36b3362b99 Fix TLS connect when SSL_connect returns SSL_ERROR_WANT_READ. 
We need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case.
Also make the tls connect events private to tls_timed_connect()
with their own closure.  There is no need to store them in the
client closure.
 2020-01-16 17:37:45 -07:00
Todd C. Miller
920cdf421a Check for sudo_ev_add() failure; Coverity CID 206395 206397 2020-01-03 04:48:56 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Laszlo Orban
f4bbce6708 adapt sudo sendlog (async communication, unencrypted ServerHello message) 2019-11-26 08:36:02 +01:00
Todd C. Miller
68480b0959 Minor style nits that I missed during review. 2019-11-15 12:48:42 -07:00
Todd C. Miller
c9da8d4084 Avoid calling SSL_CTX_free() on an uninitialized pointer in an error path. 2019-11-15 12:26:44 -07:00
Laszlo Orban
8c8023d212 update sudo_sendlog to support openssl tls 2019-11-15 09:52:48 +01:00
Todd C. Miller
73031bbb55 Rename cwd -> submitcwd to match man page. 2019-11-05 15:18:07 -07:00
Todd C. Miller
f1d0c99e03 Move bufsize_roundup() -> sudo_pow2_roundup() in libsudo_util. 2019-11-02 12:03:44 -06:00
Todd C. Miller
0129f3a72a Remove unused copy of iolog_seekto(). 2019-10-27 10:40:29 -06:00
Todd C. Miller
56c21243d7 Add iolog_ prefix to exported functions in iolog_util.c 2019-10-24 20:04:33 -06:00
Todd C. Miller
822fd99b60 Fix Coverity CID 204353, fd leak on error path. 2019-10-24 20:04:32 -06:00
Todd C. Miller
e74134d04d Fix some warnings from the clang static analyzer. 2019-10-24 20:04:32 -06:00
Todd C. Miller
728ed2100b Rename buffer.c -> logsrv_util.c and add iolog_seekto() 2019-10-24 20:04:32 -06:00
Todd C. Miller
b58ecb7e6d Move read_timing_record() into libsudo_iolog 2019-10-24 20:04:32 -06:00
Todd C. Miller
0ab2d8299b Fix client side of restart. 
Seek to the target point there too so we start sending from the right place.
 2019-10-24 20:04:32 -06:00
Todd C. Miller
66fc926959 Allow messages up to 2Mb in size. 2019-10-24 20:04:32 -06:00
Todd C. Miller
c25b6dc7ec Add OpenBSD malloc options. 2019-10-24 20:04:32 -06:00
Todd C. Miller
216747476f Add long option support to logsrvd and sendlog. 2019-10-24 20:04:32 -06:00
Todd C. Miller
af7f65fdfd Mark logsrvd and sendlog strings for translation in the sudoers domain 2019-10-24 20:04:32 -06:00
Todd C. Miller
077e9aebbf Rename ExecMessage -> AcceptMessage and add RejectMessage 2019-10-24 20:04:31 -06:00
Todd C. Miller
282263c113 Use openat(2) when opening files in the I/O log directory. 2019-10-24 20:04:31 -06:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
e76d2e8201 Add support for restarting I/O log transfers. 2019-10-24 20:04:30 -06:00
Todd C. Miller
706553f9d3 Add debugging for logsrvd and sendlog 2019-10-24 20:04:30 -06:00