isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,501 Commits 1 Branch 0 Tags
b3173fdedc605837113b9689c42d075398dd05c0
Commit Graph

61 Commits

Author SHA1 Message Date
Todd C. Miller
de58c11dba Set server_name before initiating TLS connection so verify function works. 
Fixes a crash in the SSL_VERIFY_PEER callback.  Also call inet_ntop(3)
with addr pointer, not sockaddr pointer so we get the correct IP address.
 2020-11-02 09:30:45 -07:00
Todd C. Miller
e0c2635fb3 Apply Google inclusive language guidelines. 
Also replace backwards with backward.
 2020-10-30 10:15:30 -06:00
Todd C. Miller
db72498257 Use struct eventlog in place of struct iolog_info. 2020-10-26 15:31:41 -06:00
Todd C. Miller
eaa95acb31 Post-process protoc-c files to avoid depending on anonymous unions. 
Based on a patch from Michael Osipov.
GitHub issue #60
 2020-09-04 13:17:51 -06:00
Todd C. Miller
961a4afe67 Fix some warnings from pvs-studio 2020-08-12 13:45:09 -06:00
Todd C. Miller
cbad17a994 Move inclusion of compat headers up with the system headers. 
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
 2020-08-12 10:07:07 -06:00
Todd C. Miller
985af422d2 Rename __dso_public -> sudo_dso_public and move to config.h. 2020-08-12 09:57:42 -06:00
Todd C. Miller
076d0376db We no longer need to include sudo_gettext.h before sudo_compat.h 2020-08-12 09:50:35 -06:00
Todd C. Miller
63dadad9df Refactor freeing of InfoMessage list into free_info_messages(). 
Also fixes a false positive from the clang analyzer.
 2020-08-07 14:22:28 -06:00
Todd C. Miller
03ad96e445 Use the fallthrough attribute instead of /* FALLTHROUGH */ comments. 2020-08-01 13:10:50 -06:00
Todd C. Miller
8da1f31954 Fix memory leak on error in fmt_info_messages(). 2020-06-06 14:08:34 -06:00
Todd C. Miller
84f0ae0cb8 Use PACKAGE_VERSION instead of 0.1 as the client and server version. 2020-05-18 11:33:13 -06:00
Todd C. Miller
27355e6aae Fix handling of accept and reject messages without an I/O log. 
Only set expect_iobufs in AcceptMessage if sending I/O logs.
Set state to FINISHED immediately after sending a RejectMessage.
 2020-05-12 19:19:16 -06:00
Todd C. Miller
d5888e2745 Add -A and -R options to test logging of accept and reject events. 
If -A is specified, no I/O will be sent, only the accept event.
For -R, a reject event with the specified reason is sent.
 2020-05-12 14:45:46 -06:00
Todd C. Miller
6901fc97ac Add a ClientHello message that client sends to the server. 
This makes it easier to detect a plaintext client sending to a
TLS port.  Without this, the TLS server will be silent as it
waits for the client to initiate the TLS connection.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
1e765e1caf Better error messages when there is a problem with the TLS connection. 
If SSL_read, SSL_write or SSL_connect fails we can use the reason
string to let the user know what the problem is.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
e5f8214c0a Remove the tls parameter from the ServerHello message. 
The TLS connection is now initiated before ServerHello is received.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
1659d96c55 Use port 30343 for plaintext and port 30344 for TLS. 
For TLS connections we now do the TLS handshake immediately before
the ServerHello message.  This lets the client recieve an alert
from the server is there is a handshake error after the TLS connect
has succeeded.  It also means that the contents of the ServerHello
are protected from a man-in-the-middle attack.
 2020-05-05 13:23:26 -06:00
Todd C. Miller
7d621fc6f1 Plug memory leaks in sudo_sendlog 2020-05-04 11:25:47 -06:00
Todd C. Miller
aba4915b83 On error, remove the connection with an error without freeing the closure. 
Fixes the final message at the end when there is a network error.
 2020-04-30 15:54:35 -06:00
Todd C. Miller
5dec0f763f Allow -t option even without OpenSSL 
Also add -t to the usage message
 2020-04-23 14:16:02 -06:00
Todd C. Miller
0fafcf6aea Use sudo_strtonum() instead of relying on strtoll(). 
Older, pre-C99, systems may not include strtoll() in their C library.
 2020-04-23 11:15:03 -06:00
Todd C. Miller
69b6783be6 Store the result of ERR_get_error() so we can use it for both warn and debug. 
Otherwise, only the debug framework gets the actual error and the
user won't see the problem.
 2020-04-08 09:26:41 -06:00
Todd C. Miller
ea9b711a70 Write an extended I/O info log in JSON format. 
This will be used by sudoreplay if it exists to get more information
about the command being replayed.
 2020-03-29 05:05:08 -06:00
Todd C. Miller
a644c1d1d2 iolog_parse_loginfo() now opens the log file itself. 2020-03-29 05:05:08 -06:00
Todd C. Miller
5034ea91be Some new source files got created with my old email address. 2020-03-29 05:05:08 -06:00
Todd C. Miller
f561e2cafe Store the event base in the client closure. 
Explicitly passing the event base removes the need to set a default base.
 2020-03-01 13:36:59 -07:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
630fc9b17b Make restart and elapsed members of the closure structs not pointers. 
Fixes coverity CID 207992
 2020-02-07 13:12:38 -07:00
Laszlo Orban
0ca2d1427b fixed compiler error when sudo is configured without --enable-openssl 2020-02-03 06:09:47 -07:00
Laszlo Orban
1e5562df93 Refactor sudo_sendlog in order to be able to send one I/O log multiple times in parallel (for testing purposes) 2020-01-31 13:45:13 -07:00
Laszlo Orban
9935a7e2ff Rename tls_checkpeer to tls_reqcert in ServerHello message 2020-01-23 10:12:12 -07:00
Todd C. Miller
dde86e585f Add support for building on OpenSSL 1.0.2. 
This adds compatibility defines for some OpenSSL 1.1.x functions.
 2020-01-21 13:27:40 -07:00
Todd C. Miller
2d91555e85 Fix handling of SSL_ERROR_WANT_{READ,WRITE} during normal I/O. 
If we get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume
the SSL_read(), not call SSL_write() as we were doing.  Likewise
for SSL_ERROR_WANT_READ received from SSL_write().
This introduces a flag so we call the proper callback even when
the I/O direction doesn't match the read/write calls.
 2020-01-20 12:42:39 -07:00
Todd C. Miller
36b3362b99 Fix TLS connect when SSL_connect returns SSL_ERROR_WANT_READ. 
We need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case.
Also make the tls connect events private to tls_timed_connect()
with their own closure.  There is no need to store them in the
client closure.
 2020-01-16 17:37:45 -07:00
Todd C. Miller
920cdf421a Check for sudo_ev_add() failure; Coverity CID 206395 206397 2020-01-03 04:48:56 -07:00
Todd C. Miller
486ee2b71f debug_decl and debug_decl_vars now require a semicolon at the end. 2019-12-22 08:48:16 -07:00
Laszlo Orban
f4bbce6708 adapt sudo sendlog (async communication, unencrypted ServerHello message) 2019-11-26 08:36:02 +01:00
Todd C. Miller
68480b0959 Minor style nits that I missed during review. 2019-11-15 12:48:42 -07:00
Todd C. Miller
c9da8d4084 Avoid calling SSL_CTX_free() on an uninitialized pointer in an error path. 2019-11-15 12:26:44 -07:00
Laszlo Orban
8c8023d212 update sudo_sendlog to support openssl tls 2019-11-15 09:52:48 +01:00
Todd C. Miller
73031bbb55 Rename cwd -> submitcwd to match man page. 2019-11-05 15:18:07 -07:00
Todd C. Miller
f1d0c99e03 Move bufsize_roundup() -> sudo_pow2_roundup() in libsudo_util. 2019-11-02 12:03:44 -06:00
Todd C. Miller
0129f3a72a Remove unused copy of iolog_seekto(). 2019-10-27 10:40:29 -06:00
Todd C. Miller
56c21243d7 Add iolog_ prefix to exported functions in iolog_util.c 2019-10-24 20:04:33 -06:00
Todd C. Miller
822fd99b60 Fix Coverity CID 204353, fd leak on error path. 2019-10-24 20:04:32 -06:00
Todd C. Miller
e74134d04d Fix some warnings from the clang static analyzer. 2019-10-24 20:04:32 -06:00
Todd C. Miller
728ed2100b Rename buffer.c -> logsrv_util.c and add iolog_seekto() 2019-10-24 20:04:32 -06:00
Todd C. Miller
b58ecb7e6d Move read_timing_record() into libsudo_iolog 2019-10-24 20:04:32 -06:00
Todd C. Miller
0ab2d8299b Fix client side of restart. 
Seek to the target point there too so we start sending from the right place.
 2019-10-24 20:04:32 -06:00