isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,206 Commits 1 Branch 0 Tags
49e43f580c67609dfa123e35d2394a9af8d076ab
Commit Graph

43 Commits

Author SHA1 Message Date
Todd C. Miller
dd88460800 We no longer need to include headers we don't use for sudo*.h files. 
Previously we needed to include headers required by the various
sudo*h files.  Now those files are more self-sufficient and we
should only include headers needed by code in the various .c files.
 2020-05-18 06:47:04 -06:00
Todd C. Miller
83d1bee918 Rename sudo_parse_host_port -> iolog_parse_host_port and mv to lib/iolog 
It is not used outside of the I/O log client and server and the
host:port syntax may change in the future.
 2020-05-11 08:47:54 -06:00
Todd C. Miller
fc79cbc317 Only enable TLS listener by default if we have a cert for it. 
We want the log server to work with the default configuration.  If
the default certificate path exists, it will be used with the default
listener.  If the user explicitly enabled a TLS listener we always
attempt to use it.  If TLS was specified but no cert file was set,
the default location will be used (and an error will occur if the
cert cannot be loaded).
 2020-05-08 16:07:55 -06:00
Todd C. Miller
0cf2e09e0c Apply spelling fixes. 
Fixes from PR #30 (ka7) and Bug #925 (fossies.org codespell)
 2020-05-06 09:27:43 -06:00
Todd C. Miller
6901fc97ac Add a ClientHello message that client sends to the server. 
This makes it easier to detect a plaintext client sending to a
TLS port.  Without this, the TLS server will be silent as it
waits for the client to initiate the TLS connection.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
1e765e1caf Better error messages when there is a problem with the TLS connection. 
If SSL_read, SSL_write or SSL_connect fails we can use the reason
string to let the user know what the problem is.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
1f8da42f9a Warn about tls errors during startup so the user has a clue. 
We write messages to stderr until we become a daemon.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
8186b98208 Adapt sudoers iolog client to log server dual port changes. 
The TLS handshake now occurs before the ServerHello message is read.
This fixes potential man-in-the-middle attacks and works better with
TLS 1.3.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
b5a317aeb9 Add support for a tls flag in sudo_parse_host_port(). 
If the string "(tls)" appears at the end, the tls flag is set to true
and the default tls port is used if necessary.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
7d621fc6f1 Plug memory leaks in sudo_sendlog 2020-05-04 11:25:47 -06:00
Todd C. Miller
aba4915b83 On error, remove the connection with an error without freeing the closure. 
Fixes the final message at the end when there is a network error.
 2020-04-30 15:54:35 -06:00
Todd C. Miller
3b7768be76 Don't free TLS on error in tls_init(), it is freed in client_closure_free(). 
Fixes a double free on error introduced with the TLS state cleanup in
client_closure_free().
 2020-04-28 10:52:09 -06:00
Todd C. Miller
557be2b0b1 Shut down the TLS connection cleanly in client_closure_free(). 
Also free the SSL data which is part of the client closure.
 2020-04-21 15:01:44 -06:00
Todd C. Miller
69b6783be6 Store the result of ERR_get_error() so we can use it for both warn and debug. 
Otherwise, only the debug framework gets the actual error and the
user won't see the problem.
 2020-04-08 09:26:41 -06:00
Todd C. Miller
e31e0c4d3f Don't pass a NULL submitcwd or ttyname value to the server. 
It is possible for the cwd and/or tty to be missing.  If we send a
NULL pointer to the server where it expects a string the AcceptMessage
will fail to parse.
 2020-04-06 07:18:58 -06:00
Todd C. Miller
5034ea91be Some new source files got created with my old email address. 2020-03-29 05:05:08 -06:00
Todd C. Miller
34972e834f Mark up some remaining TODOs 2020-02-27 14:11:54 -07:00
Todd C. Miller
5635c22f6b Add --disable-log-server and --disable-log-client configure options. 
These can be used to optionally disable building sudo_logsrvd and
support for remote I/O logging in the sudoers plugin respectively.
 2020-02-26 13:17:40 -07:00
Todd C. Miller
2e836cc571 The environment in the accept message is runenv not submitenv. 
The I/O logging plugin is passed the environment the command will
run with, not the user's original environment.
 2020-02-16 16:37:14 -07:00
Todd C. Miller
658702b6d4 For plugin events, set the sudo event base for setbase(NULL). 
This makes it possible for a plugin to change the event base
to a local one and then reset it back to its original value.
 2020-02-02 12:37:11 -07:00
Todd C. Miller
49e7e4ecd5 Don't display "error in event loop" on loop break reading ServerHello. 
We should already have displayed a more useful error message.
Otherwise, we can get two "error in event loop" warnings if
the TLS handshake fails (in addition to other error messages).
 2020-02-01 08:32:27 -07:00
Todd C. Miller
b9bea25592 Read ServerHello message synchronously before the command is executed. 
Otherwise, the command could be run before the TLS handshake completes.
 2020-01-31 19:48:27 -07:00
Laszlo Orban
24c9438486 logserver option to disable certificate verification on server side and server authentication on client side 2020-01-23 10:12:12 -07:00
Laszlo Orban
9935a7e2ff Rename tls_checkpeer to tls_reqcert in ServerHello message 2020-01-23 10:12:12 -07:00
Laszlo Orban
6f3f45aa24 sudoers: disable SO_KEEPALIVE socket option based on log_server_disable_keepalive flag in sudoers 2020-01-22 10:52:18 -07:00
Todd C. Miller
dde86e585f Add support for building on OpenSSL 1.0.2. 
This adds compatibility defines for some OpenSSL 1.1.x functions.
 2020-01-21 13:27:40 -07:00
Todd C. Miller
c3bd025052 Store the server host name and IP in client_closure_fill(). 
Also check for getpeername() and inet_ntop() failure.
 2020-01-20 14:03:41 -07:00
Todd C. Miller
2d91555e85 Fix handling of SSL_ERROR_WANT_{READ,WRITE} during normal I/O. 
If we get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume
the SSL_read(), not call SSL_write() as we were doing.  Likewise
for SSL_ERROR_WANT_READ received from SSL_write().
This introduces a flag so we call the proper callback even when
the I/O direction doesn't match the read/write calls.
 2020-01-20 12:42:39 -07:00
Todd C. Miller
47d9504716 Add debugging statements to certificate checks. 2020-01-18 12:57:24 -07:00
Laszlo Orban
a6916c2199 do server identity validation in iolog plugin 2020-01-18 05:49:54 -07:00
Laszlo Orban
de02745a3f save a pointer to the currently connected audit server in the closure object 2020-01-18 05:49:54 -07:00
Todd C. Miller
36b3362b99 Fix TLS connect when SSL_connect returns SSL_ERROR_WANT_READ. 
We need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case.
Also make the tls connect events private to tls_timed_connect()
with their own closure.  There is no need to store them in the
client closure.
 2020-01-16 17:37:45 -07:00
Todd C. Miller
161750fc56 Really fix flushing of data in client_close(). 
Now that we call fmt_exit_message() from client_close() we do not
need to try to determine whether the read or write events were
pending in the old base.

We can't tell anyway because the active flag in the event was cleared
when the old sudo event base was destroyed.  It is correct to enable
both the read and write events after formatting the ExitMessage.
 2020-01-15 14:47:42 -07:00
Todd C. Miller
bbb9520c3a Use SUDOERS_DEBUG_* not SUDO_DEBUG_* in debug_decl() for the sudoers plugin. 2020-01-15 14:11:18 -07:00
Todd C. Miller
b3c5efd48e Avoid potential NULL deref in tls_timed_connect() error path. 
Coverity CID 206396
 2020-01-03 04:52:58 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Todd C. Miller
9d737441f4 Fix event loop called via I/O log close function. 
We need to set events that were pending in the old base in the new one.
Fixes sending the final I/O log data and the ExitMessage to the server.
 2019-12-07 08:42:12 -07:00
Todd C. Miller
5711c1b497 Remove extraneous newlines in some sudo_warnx() calls. 2019-12-06 13:37:22 -07:00
Laszlo Orban
24cda2592a implement tls layer in iolog plugin 2019-11-28 15:58:56 +01:00
Todd C. Miller
2143746370 Avoid NULL deref on an error path if calloc() fails. 
Coverity CID 205873
 2019-11-19 19:00:31 -07:00
Todd C. Miller
6c2821fe42 Plug a memory leak found by leak sanitizer 2019-11-18 11:50:25 -07:00
Todd C. Miller
3241b82a7e Make a shallow copy of user_env in I/O plugin in case it is reallocated. 
The policy plugin's session init function may reallocate the user
environment pointer.  Fixes a use after free when PAM is used.
 2019-11-18 10:29:11 -07:00
Todd C. Miller
82237194dd Add support for logging to the log server 2019-11-15 13:41:51 -07:00