isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,977 Commits 1 Branch 0 Tags
657897b8bf608b51e675545f6086567d23e9ee79
Commit Graph

263 Commits

Author SHA1 Message Date
Todd C. Miller
0b809cdafe regen 2021-06-22 15:23:00 -06:00
Todd C. Miller
030746ce57 Fix dead store found by clang analyzer. 2021-06-19 12:56:31 -06:00
Todd C. Miller
442778aee1 Fix prefix skipping when the prefix is embedded and not separate. 
This doesn't currently matter since the progname and the ": " are
stored in separate messages.  Found by clang analyzer.
 2021-06-19 12:56:04 -06:00
Todd C. Miller
f3deb3737d Remove dead store found by clang analyzer. 2021-06-19 12:53:34 -06:00
Todd C. Miller
efaa173fbe Replace logsrvd_is_early() with logsrvd_warn_stderr(). 
This is now defined in logsrvd_conf.c which removes a dependency
on another compilation unit for the fuzzer.
 2021-06-16 08:45:29 -06:00
Todd C. Miller
1d41937ca1 Silence a compiler warning on Solaris. 2021-06-15 14:59:59 -06:00
Todd C. Miller
74f034cbfb Reduce scope of errstr variable so it is only declared for OpenSSL. 2021-06-15 14:37:59 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors. 
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
 2021-06-15 13:58:12 -06:00
Todd C. Miller
d311c7b2ee If logsrvd_config not set fall back to using stderr for warnings. 
Also fix fuzz_logsrvd_conf link error.
 2021-06-13 18:42:09 -06:00
Todd C. Miller
2c1988410e Add support for logging server warning/error messages. 
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
 2021-06-13 18:27:36 -06:00
Todd C. Miller
7b33974f21 Remove logsrvd closure ERROR state and use a boolean flag instead. 
Fixes a bug where we would not insert a journal file that failed
to relay into the queue because its state was changed from CONNECTING
to ERROR after failing to connect.
 2021-06-08 19:51:54 -06:00
Todd C. Miller
b913a832e8 Make sure we link with libsudo_util *after* libfuzzstub. 
This only affects builds with a static libsudo_util.
Also fix a warning on HP-UX about main not being public.
 2021-06-07 15:53:57 -06:00
Todd C. Miller
0f5c8fe121 Remove line causing store_suspend_local() to return false on success. 
This is something that should have been removed as part of the local
I/O logging refactor.
 2021-05-10 13:44:31 -06:00
Todd C. Miller
9d734d57e7 sudo_sendlog: rename -m (max-time) to -s (stop-after). 2021-05-04 12:14:02 -06:00
Todd C. Miller
caf096e1a1 Update closure->elapsed_time in journal_seek(). 
Otherwise the commit point messages won't be accurate when restarting.
 2021-05-04 10:45:12 -06:00
Todd C. Miller
7376fa632f Add "-m elapsed" option to specify the max elapsed time of records to send. 
Useful for testing the ability of the server to handle restarted log
transfers.
 2021-05-04 08:22:34 -06:00
Todd C. Miller
5a39066343 Disable reading from client or relay when sending error to client. 
We treat an error from the relay as fatal and must stop processing
data from both client and relay to make sure we don't get out of sync.
 2021-05-03 19:18:10 -06:00
Todd C. Miller
c3534712de Fix I/O log restart of locally-store logs. 
This got broken a while ago when evlog in struct connection_closure
was changed to a pointer.
 2021-05-03 16:54:25 -06:00
Todd C. Miller
109a0331a5 Don't hard-code the TLS connect timeout, use normal connect timeout. 
For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_timeout setting.
 2021-05-03 09:01:00 -06:00
Todd C. Miller
06cb6459c1 Add missing closedir(3) in logsrvd_queue_scan(). 
Coverity CID 221591
 2021-05-02 12:33:49 -06:00
Todd C. Miller
f49930c62e Make the failed relay retry interval configurable. 
This is the amount of time to wait before trying to resend a
journal to the relay server after a connection error.
 2021-05-02 06:19:32 -06:00
Todd C. Miller
177816b787 Send outgoing messages to the relay server on startup. 
Also attempt to retry messages that could not be relayed periodically.
 2021-05-01 16:27:21 -06:00
Todd C. Miller
bc82430a6f Set relay name string to NULL after dropping the reference. 
Otherwise it is possible to decrement the reference more than once.
 2021-05-01 08:48:24 -06:00
Todd C. Miller
01bdfd3be2 Write client and server information to debug file on SIGUSR1 
This can be used to debug client problems such as a connection
not being closed as expected.
 2021-04-29 16:20:02 -06:00
Todd C. Miller
f92bb8840c Create journal files in an incoming directory, move to outgoing when complete. 
This will make it possible to process completed journal files
periodically if the relay server is down.
 2021-04-29 14:19:08 -06:00
Todd C. Miller
5c593d5a4a Add missing connection_close() call for relay-only connections. 
For an immediate relay we will close the connection when the client
disconnects (or there is a timeout).  However, for store-and-forward
mode the client has already disconnected at the time we are relaying.
 2021-04-29 14:19:07 -06:00
Todd C. Miller
d4bdc85d74 Replace non-ascii characters in warning string. 2021-04-27 16:39:43 -06:00
Todd C. Miller
84a01d3a93 Move local iolog log functions to logsrvd_local.c 2021-04-27 14:46:27 -06:00
Todd C. Miller
6d8942e82c Better client error reporting on relay server connection error. 
More detailed error messages may be found in the debug log.
 2021-04-27 12:25:19 -06:00
Todd C. Miller
e55991f244 Update debug pid string when sudo_logsrvd becomes a daemon. 2021-04-27 08:57:11 -06:00
Todd C. Miller
f25275ad5b Must call SSL_shutdown() before closing the underlying socket. 
This got broken by some code rearrangement when relay mode was added.
 2021-04-26 19:07:40 -06:00
Todd C. Miller
67029f3cc4 Recover if the client or relay server closes the TLS connection uncleanly. 
The other end of the connection should perform a proper TLS shutdown
but as long as we are in the correct state there is no need to treat
this as a user-visible error.
 2021-04-26 17:05:34 -06:00
Todd C. Miller
65a55497ec Avoid calling fread() with a NUL buffer if msg_len is 0. 
Coverity CID 221399
 2021-04-23 19:01:44 -06:00
Todd C. Miller
d9f0eba1fa Set a restrictive umask so new files are only read/write by owner. 
Coverity CID 221402
 2021-04-23 18:58:55 -06:00
Todd C. Miller
bfd5803bd2 In connection_closure_free() only close sock if it is not -1. 
When relaying from a journal there will be no socket.
Coverity CID 221403
 2021-04-23 17:02:35 -06:00
Todd C. Miller
57b8122cf3 Avoid potential NULL dereference in get_free_buf(). 
Coverity CID 221400
 2021-04-23 16:56:29 -06:00
Todd C. Miller
21641a27e4 Remove some now-dead code in the error path. 
Coverity CID 221397 and 221398
 2021-04-23 16:56:23 -06:00
Todd C. Miller
761b02d34f Use function pointers for each client message type instead of conditionals. 
This separats out the message handler from the functions that store
or relay the message contents.
 2021-04-23 16:56:21 -06:00
Todd C. Miller
64ac63918e Add enqueue_error_message() helper function. 
Formats and enqueues an error message and enables the write event.
 2021-04-23 16:56:20 -06:00
Todd C. Miller
050e91f8d1 Forward the journaled entry after it has been stored locally. 2021-04-23 16:56:18 -06:00
Todd C. Miller
280fabac38 Stash the value of the store_first config setting in connection_closure. 
If the configuration changes it should not affect a connection that
is already in progress.
 2021-04-23 16:56:17 -06:00
Todd C. Miller
c2d3070fa1 Journal messages to disk when store_first is set in the relay section. 
Instead of forwarding messages immediately, they are journaled
locally in wire format.
This will be used to implement relay store-and-forward mode.
 2021-04-23 16:55:30 -06:00
Todd C. Miller
6f5b353e87 Add configuration for sudo_logsrvd store-and-forward mode. 
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section.  Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay.
 2021-04-23 16:54:15 -06:00
Todd C. Miller
32f742389b Don't use msg_len as a length after converting it to network byte order. 2021-04-19 16:28:18 -06:00
Todd C. Miller
110d9667e5 Use the packed message buffer when relaying if possible. 
There's no need to rebuild the message buffer for anything but
RestartMessage and ClientHello.
 2021-04-19 09:44:37 -06:00
Todd C. Miller
935daf6b7e Allocate the data buffer in get_free_buf() too. 
We always know the size of the data buffer we need at allocation time.
 2021-04-18 17:10:53 -06:00
Todd C. Miller
3dce67ec10 Relay ChangeWindowSize and CommandSuspend events too. 2021-04-17 07:59:13 -06:00
Todd C. Miller
4e9baba2b5 Set logsrvd_config to NULL in logsrvd_conf_cleanup() after freeing it. 
Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd itself).
Also fix linking fuzz_logsrvd_conf with OpenSSL.
 2021-04-09 14:02:50 -06:00
Todd C. Miller
e4e0e734b9 Update sudo_logsrvd.conf fuzzer to match configuration changes. 2021-04-09 13:34:36 -06:00
Todd C. Miller
163a5f08b5 Move relay configuration into its own section and add TLS options. 
TLS options in the relay section will be used if specified, otherwise
the TLS options from the server section are used.
 2021-04-08 19:14:05 -06:00