Commit Graph

42 Commits

Author SHA1 Message Date
Todd C. Miller
db72498257 Use struct eventlog in place of struct iolog_info. 2020-10-26 15:31:41 -06:00
Todd C. Miller
b9aff696fb No longer need eventlog-related getters in logsrvd.c 2020-10-26 15:29:44 -06:00
Todd C. Miller
8c43340474 Use libeventlog in sudo_logsrvd. 2020-10-26 15:26:02 -06:00
Todd C. Miller
707437f6cb Refactor eventlog code into a library 2020-10-26 15:24:35 -06:00
Todd C. Miller
e92d10011e Rename sa_len -> sa_size to avoid a conflict on UnixWare and others.
On some systems, sa_len is a #define for 4.4BSD compatibility.
2020-09-04 16:06:37 -06:00
Todd C. Miller
bd254e1042 Read/write runchroot and runcwd entries in the JSON event log. 2020-09-01 06:26:05 -06:00
Todd C. Miller
d2686dde0c Rename FLUSHED state to FINISHED
This makes more sense when receiving event-only logs.
2020-05-13 09:30:05 -06:00
Todd C. Miller
0337f5b735 Fix handling of connections without associated I/O logs.
This fixes reject events as well as accept events without the
expect_iobufs flag set.
2020-05-13 07:40:47 -06:00
Todd C. Miller
1659d96c55 Use port 30343 for plaintext and port 30344 for TLS.
For TLS connections we now do the TLS handshake immediately before
the ServerHello message.  This lets the client receive an alert
from the server if there is a handshake error after the TLS connect
has succeeded.  It also means that the contents of the ServerHello
are protected from a man-in-the-middle attack.
2020-05-05 13:23:26 -06:00
Todd C. Miller
18ff60f6ff Disable IPv4-mapped IPv6 addresses in the listener.
Also store the host + port string and use it in error messages.
2020-04-08 08:54:28 -06:00
Todd C. Miller
f908ddd1bf Create a pidfile for sudo_logsrvd when not run with the -n flag. 2020-03-29 05:05:08 -06:00
Todd C. Miller
cffda82e20 Do not use JSON_ARRAY with sudo_json_add_value() 2020-03-29 05:05:08 -06:00
Todd C. Miller
9b144069fc Store runenv in the I/O log info file too. 2020-03-29 05:05:08 -06:00
Todd C. Miller
ea9b711a70 Write an extended I/O info log in JSON format.
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
2020-03-29 05:05:08 -06:00
Todd C. Miller
5034ea91be Some new source files got created with my old email address. 2020-03-29 05:05:08 -06:00
Todd C. Miller
f561e2cafe Store the event base in the client closure.
Explicitly passing the event base removes the need to set a default base.
2020-03-01 13:36:59 -07:00
Todd C. Miller
f40b4c2887 Open event log at config time instead of open/close for each entry.
If logging via syslog, do the openlog() at config time instead.
We still lock the log file prior to writing to it but unlock
immediately after.
2020-02-22 16:13:56 -07:00
Todd C. Miller
a0c2de4cef Re-register listeners on SIGHUP.
Previously, a config reload would refresh the listener address list
but the changes had no effect on the actual addresses being listened on.
2020-02-18 13:13:03 -07:00
Todd C. Miller
5781a6a4cf Add support for JSON logging in sudo_logsrvd. 2020-02-17 16:10:56 -07:00
Laszlo Orban
24c9438486 logserver option to disable certificate verification on server side and server authentication on client side 2020-01-23 10:12:12 -07:00
Laszlo Orban
38160d0ccb logserver: enable/disable SO_KEEPALIVE socket option based on tcp_keepalive configuration option in sudo_logsrvd.conf 2020-01-22 10:52:18 -07:00
Todd C. Miller
2d91555e85 Fix handling of SSL_ERROR_WANT_{READ,WRITE} during normal I/O.
If we get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume
the SSL_read(), not call SSL_write() as we were doing.  Likewise
for SSL_ERROR_WANT_READ received from SSL_write().
This introduces a flag so we call the proper callback even when
the I/O direction doesn't match the read/write calls.
2020-01-20 12:42:39 -07:00
Laszlo Orban
829fb9db84 do client identity validation in logserver 2020-01-18 05:49:54 -07:00
Laszlo Orban
21e7fdfd55 use event timeout instead of socket timeout 2019-11-26 08:36:02 +01:00
Laszlo Orban
f67d0d13cf ServerHello message is now unencrypted, TLS communication has been refactored to full async 2019-11-22 11:11:55 +01:00
Laszlo Orban
b9641816d6 set timeout value for the socket 2019-11-15 09:52:48 +01:00
Laszlo Orban
e201f104d4 make audit server openssl dependency optional; tls layer is compiled only if sudo is built with --enable-openssl feature switch 2019-11-15 09:52:48 +01:00
Laszlo Orban
2c5e421761 add configuration options for TLS 2019-11-12 10:26:48 +01:00
Todd C. Miller
955fa11b53 Clear the write bit on the timing file for completed logs.
This allows us to tell whether or not a log can be restarted.
2019-10-24 20:04:33 -06:00
Todd C. Miller
728ed2100b Rename buffer.c -> logsrv_util.c and add iolog_seekto() 2019-10-24 20:04:32 -06:00
Todd C. Miller
66fc926959 Allow messages up to 2Mb in size. 2019-10-24 20:04:32 -06:00
Todd C. Miller
76eec78a33 Add basic support for event logging using a sudo-style log format. 2019-10-24 20:04:32 -06:00
Todd C. Miller
c7f0f9e0fc Return an error to the client on error instead of dropping the connection. 2019-10-24 20:04:32 -06:00
Todd C. Miller
534aba7a3e Make the logsrvd port and list address configurable. 2019-10-24 20:04:32 -06:00
Todd C. Miller
077e9aebbf Rename ExecMessage -> AcceptMessage and add RejectMessage 2019-10-24 20:04:31 -06:00
Todd C. Miller
282263c113 Use openat(2) when opening files in the I/O log directory. 2019-10-24 20:04:31 -06:00
Todd C. Miller
7ba7c5835e Enable sudo_logsrvd.conf settings. 2019-10-24 20:04:31 -06:00
Todd C. Miller
059b55ce72 Refactor code in sudoers that creates I/O log files to share with logsrvd. 2019-10-24 20:04:31 -06:00
Todd C. Miller
a808dd45c2 Add config file support for logsrvd 2019-10-24 20:04:31 -06:00
Todd C. Miller
e76d2e8201 Add support for restarting I/O log transfers. 2019-10-24 20:04:30 -06:00
Todd C. Miller
4dacf81082 Refactor I/O log code so it can be shared between sudoers and logsrvd 2019-10-24 20:04:29 -06:00
Todd C. Miller
2272430716 Import proof of concept sudo log server. 2019-10-24 20:04:29 -06:00