Commit Graph

30 Commits

Author SHA1 Message Date
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer.
Based on changes from Hayden Roche
2021-10-25 13:17:57 -06:00
Todd C. Miller
87c1dd9d7d Move include of log_server.pb-c.h into logsrvd.h and sendlog.h
This way there is no include file order issue with the
PROTOBUF_C_VERSION_NUMBER check.
2021-10-25 12:25:24 -06:00
Todd C. Miller
0e2094471b Call shutdown() on sockets before close() if they are connected.
This should ensure that the other side sees any queued data before
the connection is dropped.
2021-08-11 14:08:48 -06:00
Todd C. Miller
79129613e5 If SSL_shutdown() returns 0 it needs to be called one more time. 2021-08-11 10:16:36 -06:00
Todd C. Miller
f3deb3737d Remove dead store found by clang analyzer. 2021-06-19 12:53:34 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors.
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
2021-06-15 13:58:12 -06:00
Todd C. Miller
5a39066343 Disable reading from client or relay when sending error to client.
We treat an error from the relay as fatal and must stop processing
data from both client and relay to make sure we don't get out of sync.
2021-05-03 19:18:10 -06:00
Todd C. Miller
109a0331a5 Don't hard-code the TLS connect timeout, use normal connect timeout.
For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_timeout setting.
2021-05-03 09:01:00 -06:00
Todd C. Miller
177816b787 Send outgoing messages to the relay server on startup.
Also attempt to retry messages that could not be relayed periodically.
2021-05-01 16:27:21 -06:00
Todd C. Miller
bc82430a6f Set relay name string to NULL after dropping the reference.
Otherwise it is possible to decrement the reference more than once.
2021-05-01 08:48:24 -06:00
Todd C. Miller
5c593d5a4a Add missing connection_close() call for relay-only connections.
For an immediate relay we will close the connection when the client
disconnects (or there is a timeout).  However, for store-and-forward
mode the client has already disconnected at the time we are relaying.
2021-04-29 14:19:07 -06:00
Todd C. Miller
6d8942e82c Better client error reporting on relay server connection error.
More detailed error messages may be found in the debug log.
2021-04-27 12:25:19 -06:00
Todd C. Miller
67029f3cc4 Recover if the client or relay server closes the TLS connection uncleanly.
The other end of the connection should perform a proper TLS shutdown
but as long as we are in the correct state there is no need to treat
this as a user-visible error.
2021-04-26 17:05:34 -06:00
Todd C. Miller
21641a27e4 Remove some now-dead code in the error path.
Coverity CID 221397 and 221398
2021-04-23 16:56:23 -06:00
Todd C. Miller
761b02d34f Use function pointers for each client message type instead of conditionals.
This separates out the message handler from the functions that store
or relay the message contents.
2021-04-23 16:56:21 -06:00
Todd C. Miller
64ac63918e Add enqueue_error_message() helper function.
Formats and enqueues an error message and enables the write event.
2021-04-23 16:56:20 -06:00
Todd C. Miller
050e91f8d1 Forward the journaled entry after it has been stored locally. 2021-04-23 16:56:18 -06:00
Todd C. Miller
c2d3070fa1 Journal messages to disk when store_first is set in the relay section.
Instead of forwarding messages immediately, they are journaled
locally in wire format.
This will be used to implement relay store-and-forward mode.
2021-04-23 16:55:30 -06:00
Todd C. Miller
32f742389b Don't use msg_len as a length after converting it to network byte order. 2021-04-19 16:28:18 -06:00
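The bug class this commit fixes is a reuse of a variable after it has been converted with htonl(): the converted value is only meaningful as bytes on the wire, not as a count. The following is an added example, not sudo's own code, written to show the pattern in isolation. It assumes a wire format of a 4-byte big-endian length prefix followed by the message body (the framing used here is an assumption for the example), keeps the converted value in its own variable so the host-order length stays usable, and bounds the length on the receive side so a malicious prefix cannot drive an oversized read or allocation.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not from sudo. Assumed framing: a 4-byte big-endian
 * length prefix followed by 'len' bytes of message body.
 */

/*
 * The buggy pattern: msg_len is converted in place and then reused as a
 * host-order count. This returns the total frame size the way the bug
 * would compute it. On a little-endian host the result is wildly wrong
 * (4 + 0x05000000 for a 5-byte message); on big-endian it happens to
 * match, which is why such bugs survive testing on some platforms.
 * It only computes a size, so it is safe to call.
 */
size_t framed_len_buggy(uint32_t len)
{
    uint32_t msg_len = htonl(len);          /* converted in place ... */
    return sizeof(msg_len) + msg_len;       /* ... then reused as a count */
}

/*
 * Correct framing: the network-order value lives in its own variable
 * and is used only for the header bytes; every length computation and
 * memcpy uses the host-order 'len'. Returns total bytes written, or 0
 * if the output buffer is too small.
 */
size_t frame_message(const uint8_t *msg, uint32_t len,
    uint8_t *out, size_t outsz)
{
    const uint32_t wire_len = htonl(len);   /* header bytes only */

    if (outsz < sizeof(wire_len) + (size_t)len)
        return 0;
    memcpy(out, &wire_len, sizeof(wire_len));
    memcpy(out + sizeof(wire_len), msg, len);
    return sizeof(wire_len) + len;
}

/*
 * Receive side. Returns 1 with *body/*body_len set when a complete frame
 * is present, 0 if more data is needed, -1 if the advertised length
 * exceeds max_len (reject before allocating or copying anything).
 */
int parse_frame(const uint8_t *buf, size_t buflen, uint32_t max_len,
    const uint8_t **body, uint32_t *body_len)
{
    uint32_t wire_len, len;

    if (buflen < sizeof(wire_len))
        return 0;
    memcpy(&wire_len, buf, sizeof(wire_len));
    len = ntohl(wire_len);                  /* back to host order */
    if (len > max_len)
        return -1;                          /* untrusted length, refuse it */
    if (buflen < sizeof(wire_len) + (size_t)len)
        return 0;
    *body = buf + sizeof(wire_len);
    *body_len = len;
    return 1;
}

int main(void)
{
    static const uint8_t msg[] = "hello";   /* constructed sample body */
    uint8_t out[64];
    const uint8_t *body;
    uint32_t body_len;
    size_t n = frame_message(msg, 5, out, sizeof(out));

    printf("correct frame: %zu bytes, header %02x %02x %02x %02x\n",
        n, out[0], out[1], out[2], out[3]);
    printf("buggy size computation: %zu bytes\n", framed_len_buggy(5));
    if (parse_frame(out, n, 1024, &body, &body_len) == 1)
        printf("parsed body of %u bytes: %.*s\n", body_len, (int)body_len, body);
    return 0;
}
```

Running this on an x86 host prints a 9-byte correct frame next to a buggy size of 4 + 0x05000000; on a big-endian host the two agree, which is the point: the fix is to never treat the htonl() result as a count, not to rely on the platform.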
Todd C. Miller
110d9667e5 Use the packed message buffer when relaying if possible.
There's no need to rebuild the message buffer for anything but
RestartMessage and ClientHello.
2021-04-19 09:44:37 -06:00
Todd C. Miller
935daf6b7e Allocate the data buffer in get_free_buf() too.
We always know the size of the data buffer we need at allocation time.
2021-04-18 17:10:53 -06:00
Todd C. Miller
3dce67ec10 Relay ChangeWindowSize and CommandSuspend events too. 2021-04-17 07:59:13 -06:00
Todd C. Miller
163a5f08b5 Move relay configuration into its own section and add TLS options.
TLS options in the relay section will be used if specified, otherwise
the TLS options from the server section are used.
2021-04-08 19:14:05 -06:00
Todd C. Miller
25d4dd8e6d Add "server" and "relay" to getters/callbacks specific to server and relay. 2021-04-08 19:09:55 -06:00
Todd C. Miller
90770794db Remove struct logsrvd_tls_config.
Now that the SSL context is initialized in logsrvd_conf.c there's
no need to export TLS configuration other than tls_check_peer.
2021-04-08 18:07:59 -06:00
Todd C. Miller
9779996c3c No longer need struct logsrvd_tls_runtime, use SSL_CTX instead. 2021-04-08 15:39:26 -06:00
Todd C. Miller
3f1a76cb83 Move connect_relay_tls() so we don't need a prototype for it.
Fixes a warning when sudo is not configured to use OpenSSL.
2021-04-06 16:53:35 -06:00
Todd C. Miller
30f57bcdce Add sa_host to struct server_address as a ref counted string.
Also convert sa_str to ref counted string.
2021-04-06 14:44:19 -06:00
Todd C. Miller
b1c4de2088 Add support for relaying to another sudo_logsrvd via TLS. 2021-04-06 14:44:19 -06:00
Todd C. Miller
d60b8a791c Add a relay mode to sudo_logsrvd where it forwards instead of stores.
Relay hosts are specified in the server section of sudo_logsrvd.conf.
2021-04-06 14:44:19 -06:00