isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,419 Commits 1 Branch 0 Tags
45fdfa18f1d46a1d6171a8f94f0fa9396b51de20
Commit Graph

169 Commits

Author SHA1 Message Date
Rose
45fdfa18f1 Mark functions not returning as sudo_noreturn 
We also put NOTREACHED where it applies.
 2023-07-01 17:40:16 -04:00
Todd C. Miller
f437c66a2a Merge pull request #265 from AtariDreams/types 
Avoid compiler casting warnings by assigning to variables of the same type where possible
 2023-06-29 10:06:30 -06:00
Rose
2c13d7130c We should be returning 0, not 1, when logservd finishes without errors 
1 is for failure, 0 is for no failure, and this does not look like a failure.
 2023-06-28 17:27:13 -04:00
Rose
e54ba33ea0 Avoid compiler casting warnings by assigning to the same type where possible 
This saves instructions that are related to casting as well as compiler warnings.
 2023-06-28 17:25:26 -04:00
Todd C. Miller
4363d03ef7 Convert config file paths to colon-separated path list. 
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files.  The first
file that exists is used.
 2023-05-02 10:37:38 -06:00
Todd C. Miller
b013711e48 Check for sudo_pow2_roundup() overflow. 
Calling sudo_pow2_roundup(INT_MAX+2) will return since there is no
power of 2 larger than INT_MAX+1 that fits in an unsigned int.
This is not an issue in practice since we restrict messages to 2Mib.
 2023-03-01 13:58:32 -07:00
Todd C. Miller
0b2e662b2e Protect use of AF_INET6 with HAVE_STRUCT_IN6_ADDR guards. 
From Tim Rice.
 2023-01-31 12:22:47 -07:00
Todd C. Miller
e6f2ad0ed6 Add missing NULL checks for mandatory fields in protobuf messages. 
Also no longer reject an InfoMessage with an unknown value_case,
just log and ignore it.
 2022-09-28 08:47:25 -06:00
Todd C. Miller
9d654482b2 Convert remaining uses of sudo_mkdir_parents() to sudo_open_parent_dir(). 2022-09-21 19:08:15 -06:00
Todd C. Miller
b6151781ce Quiet some harmless PVS Studio warnings. 2022-06-29 10:08:55 -06:00
Todd C. Miller
3e21c8da5c Add missing PVS Studio Open Source comments. 
Also avoid checking protobuf-c source and protobuf-c generated files.
 2022-06-29 09:45:04 -06:00
Todd C. Miller
e5834bd405 Use #include <config.h> not #include "config.h" for consistency. 
Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in the source dir too.
 2022-06-29 08:47:16 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes 2022-06-27 12:48:03 -06:00
Todd C. Miller
161b01fccd Treat EINTR in a callback like we do EAGAIN. 
We shouldn't get EINTR in practice since we set SA_RESTART when
registering signal handlers but it doesn't hurt to be consistent.
 2022-06-07 09:25:07 -06:00
Todd C. Miller
db6fc237c4 If write(2) returns EAGAIN just re-enter the event loop. 
This is consistent with how we handle EAGAIN for read(2).
 2022-06-06 19:42:06 -06:00
Todd C. Miller
aee276ea63 Quiet two clang analyzer false positives. 2022-06-03 11:05:34 -06:00
Todd C. Miller
5012c7f978 union sockaddr_union: pass in sockaddr_union * instead of sockaddr *. 
This eliminates the need for a few casts and is consistent with how
create_listener() is written.
 2022-06-03 10:11:37 -06:00
Todd C. Miller
38c6e1bffb Standardize protobuf "unable to unpack" warning messages. 2022-05-26 09:35:18 -06:00
Todd C. Miller
d7df7abf87 If ERR_reason_error_string() returns NULL, fall back on strerror(errno). 
That way we get reasonable error messages for missing files, etc.
 2022-05-17 09:18:03 -06:00
Todd C. Miller
c13b21c199 Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2). 
This also allows us to make path const as it should be.
 2021-12-11 08:35:18 -07:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer. 
Based on changes from Hayden Roche
 2021-10-25 13:17:57 -06:00
Todd C. Miller
87c1dd9d7d Move include of log_server.pb-c.h into logsrvd.h and sendlog.h 
This way there is no include file order issue with the
PROTOBUF_C_VERSION_NUMBER check.
 2021-10-25 12:25:24 -06:00
Todd C. Miller
02e77e656b Fix potential use-after-free when calling iolog_flush_all(). 
We need to call iolog_flush_all() _before_ scheduling the commit point.
If we fail to schedule to commit point, the closure will be freed.
Coverity CID 220557
 2021-10-19 11:57:32 -06:00
Todd C. Miller
15b4427b9a No need to flush logs before commit point if we flush after each write. 
Also document that logs are flushed before sending a commit point
even when flushing is disabled.
 2021-10-16 07:58:44 -06:00
Todd C. Miller
a554629d84 Flush I/O logs before we send a commit point. 
The commit point message means we have written the data to disk so
we should not be buffering it any longer.
We do not currently fsync(2) the data after flushing, perhaps we should.
 2021-10-15 19:10:34 -06:00
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
9248ea6bbe Set umask to be less restrictive before creating parent directories. 
Otherwise we could end up creating them with a more restrictive
mode than indended.  Coverity CID 221592
 2021-08-14 10:49:51 -06:00
Todd C. Miller
0e2094471b Call shutdown() on sockets before closing() if they are connected. 
This should ensure that the other side sees any queued data before
the connection is dropped.
 2021-08-11 14:08:48 -06:00
Todd C. Miller
79129613e5 If SSL_shutdown() returns 0 it needs to be called one more time. 2021-08-11 10:16:36 -06:00
Todd C. Miller
9d776b4e7b Allow multiple accept/reject messages during a logsrv conversation. 
The log server now advertises a subcommands flag if it supports
logging subcommands (e.g. commands run from a sudo-spawned program
like a shell).  The client should only log additional commands
during a session if this flag is set in the ServerHello message.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
030746ce57 Fix dead store found by clang analyzer. 2021-06-19 12:56:31 -06:00
Todd C. Miller
efaa173fbe Replace logsrvd_is_early() with logsrvd_warn_stderr(). 
This is now defined in logsrvd_conf.c which removes a dependency
on another compilation unit for the fuzzer.
 2021-06-16 08:45:29 -06:00
Todd C. Miller
74f034cbfb Reduce scope of errstr variable so it is only declared for OpenSSL. 2021-06-15 14:37:59 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors. 
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
 2021-06-15 13:58:12 -06:00
Todd C. Miller
2c1988410e Add support for logging server warning/error messages. 
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
 2021-06-13 18:27:36 -06:00
Todd C. Miller
7b33974f21 Remove logsrvd closure ERROR state and use a boolean flag instead. 
Fixes a bug where we would not insert a journal file that failed
to relay into the queue because its state was changed from CONNECTING
to ERROR after failing to connect.
 2021-06-08 19:51:54 -06:00
Todd C. Miller
caf096e1a1 Update closure->elapsed_time in journal_seek(). 
Otherwise the commit point messages won't be accurate when restarting.
 2021-05-04 10:45:12 -06:00
Todd C. Miller
5a39066343 Disable reading from client or relay when sending error to client. 
We treat an error from the relay as fatal and must stop processing
data from both client and relay to make sure we don't get out of sync.
 2021-05-03 19:18:10 -06:00
Todd C. Miller
c3534712de Fix I/O log restart of locally-store logs. 
This got broken a while ago when evlog in struct connection_closure
was changed to a pointer.
 2021-05-03 16:54:25 -06:00
Todd C. Miller
177816b787 Send outgoing messages to the relay server on startup. 
Also attempt to retry messages that could not be relayed periodically.
 2021-05-01 16:27:21 -06:00
Todd C. Miller
01bdfd3be2 Write client and server information to debug file on SIGUSR1 
This can be used to debug client problems such as a connection
not being closed as expected.
 2021-04-29 16:20:02 -06:00
Todd C. Miller
f92bb8840c Create journal files in an incoming directory, move to outgoing when complete. 
This will make it possible to process completed journal files
periodically if the relay server is down.
 2021-04-29 14:19:08 -06:00
Todd C. Miller
84a01d3a93 Move local iolog log functions to logsrvd_local.c 2021-04-27 14:46:27 -06:00
Todd C. Miller
e55991f244 Update debug pid string when sudo_logsrvd becomes a daemon. 2021-04-27 08:57:11 -06:00
Todd C. Miller
f25275ad5b Must call SSL_shutdown() before closing the underlying socket. 
This got broken by some code rearrangement when relay mode was added.
 2021-04-26 19:07:40 -06:00
Todd C. Miller
67029f3cc4 Recover if the client or relay server closes the TLS connection uncleanly. 
The other end of the connection should perform a proper TLS shutdown
but as long as we are in the correct state there is no need to treat
this as a user-visible error.
 2021-04-26 17:05:34 -06:00
Todd C. Miller
d9f0eba1fa Set a restrictive umask so new files are only read/write by owner. 
Coverity CID 221402
 2021-04-23 18:58:55 -06:00
Todd C. Miller
bfd5803bd2 In connection_closure_free() only close sock if it is not -1. 
When relaying from a journal there will be no socket.
Coverity CID 221403
 2021-04-23 17:02:35 -06:00
Todd C. Miller
57b8122cf3 Avoid potential NULL dereference in get_free_buf(). 
Coverity CID 221400
 2021-04-23 16:56:29 -06:00
Todd C. Miller
21641a27e4 Remove some now-dead code in the error path. 
Coverity CID 221397 and 221398
 2021-04-23 16:56:23 -06:00