isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,241 Commits 1 Branch 0 Tags
cccefb962b76505fd9916e39c3ae7108b09c0bcc
Commit Graph

11241 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Todd C. Miller
67029f3cc4 Recover if the client or relay server closes the TLS connection uncleanly. 
The other end of the connection should perform a proper TLS shutdown
but as long as we are in the correct state there is no need to treat
this as a user-visible error.
 2021-04-26 17:05:34 -06:00
Todd C. Miller
66c6edada2 Sudo 1.9.7 2021-04-26 13:12:28 -06:00
Todd C. Miller
8a65893435 Add a suppression file for the libpython leaks. 
This is a big hammer but it seems like the best we can do for now.
Allows "make check" to succeed when address sanitizer is used.
 2021-04-26 08:58:00 -06:00
Todd C. Miller
6907376ae9 When spliting EDITOR check for escaped quote characters. 
Also add check_editor to sudoers "make check".
 2021-04-25 19:12:50 -06:00
Todd C. Miller
5e5131dec3 Treat a lone backslash at the end of a string as a literal backslash. 
GitHub issue #99
 2021-04-24 14:19:46 -06:00
Todd C. Miller
d6d2e3488b Fix typo. 2021-04-24 13:23:25 -06:00
Todd C. Miller
a85c6b41a6 Avoid a potential NULL dereference when mutating args_str. 
Coverit CID 221401
 2021-04-23 19:05:45 -06:00
Todd C. Miller
65a55497ec Avoid calling fread() with a NUL buffer if msg_len is 0. 
Coverity CID 221399
 2021-04-23 19:01:44 -06:00
Todd C. Miller
d9f0eba1fa Set a restrictive umask so new files are only read/write by owner. 
Coverity CID 221402
 2021-04-23 18:58:55 -06:00
Todd C. Miller
bfd5803bd2 In connection_closure_free() only close sock if it is not -1. 
When relaying from a journal there will be no socket.
Coverity CID 221403
 2021-04-23 17:02:35 -06:00
Todd C. Miller
57b8122cf3 Avoid potential NULL dereference in get_free_buf(). 
Coverity CID 221400
 2021-04-23 16:56:29 -06:00
Todd C. Miller
21641a27e4 Remove some now-dead code in the error path. 
Coverity CID 221397 and 221398
 2021-04-23 16:56:23 -06:00
Todd C. Miller
761b02d34f Use function pointers for each client message type instead of conditionals. 
This separats out the message handler from the functions that store
or relay the message contents.
 2021-04-23 16:56:21 -06:00
Todd C. Miller
64ac63918e Add enqueue_error_message() helper function. 
Formats and enqueues an error message and enables the write event.
 2021-04-23 16:56:20 -06:00
Todd C. Miller
050e91f8d1 Forward the journaled entry after it has been stored locally. 2021-04-23 16:56:18 -06:00
Todd C. Miller
280fabac38 Stash the value of the store_first config setting in connection_closure. 
If the configuration changes it should not affect a connection that
is already in progress.
 2021-04-23 16:56:17 -06:00
Todd C. Miller
c2d3070fa1 Journal messages to disk when store_first is set in the relay section. 
Instead of forwarding messages immediately, they are journaled
locally in wire format.
This will be used to implement relay store-and-forward mode.
 2021-04-23 16:55:30 -06:00
Todd C. Miller
6f5b353e87 Add configuration for sudo_logsrvd store-and-forward mode. 
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section.  Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay.
 2021-04-23 16:54:15 -06:00
Todd C. Miller
727056e0c9 Make sure SIGCHLD is not ignored when sudo is executed. 
If SIGCHLD is ignored there is a race condition between when the
process is executed and when the SIGCHLD handler is installed.
This fixes the bug described by GitHub PR #98
 2021-04-23 07:41:27 -06:00
Todd C. Miller
b0a32fe738 Remove the HP-UX 11.0 pread64() hack, it causes problems on modern HP-UX. 2021-04-20 14:59:19 -06:00
Todd C. Miller
6717415e73 Add minimum value to consider when overriding resource limits. 
Currently only used for RLIMIT_DATA and RLIMIT_AS.

This works around a problem on HP-UX where setting RLIMIT_DATA
changes the resource limits for both 32-bit and 64-bit processes.
HP-UX processes start out with RLIMIT_DATA set based on the values
of the maxdsiz and maxdsiz_64bit kernel tunables, depending on
whether they are 32-bit or 64-bit.  By default this limit is 1GB
for 32-bit processes and 4GB for 64-bit.  However, once RLIMIT_DATA
is changed, it does not appear to be possible to restore the old
values.  This can result in a 64-bit process that is executed by a
32-bit shell getting the 32-bit RLIMIT_DATA instead of the 64-bit
one.  Bug #973
 2021-04-20 14:31:40 -06:00
Todd C. Miller
32f742389b Don't use msg_len as a length after converting it to network byte order. 2021-04-19 16:28:18 -06:00
Todd C. Miller
110d9667e5 Use the packed message buffer when relaying if possible. 
There's no need to rebuild the message buffer for anything but
RestartMessage and ClientHello.
 2021-04-19 09:44:37 -06:00
Todd C. Miller
935daf6b7e Allocate the data buffer in get_free_buf() too. 
We always know the size of the data buffer we need at allocation time.
 2021-04-18 17:10:53 -06:00
Todd C. Miller
3dce67ec10 Relay ChangeWindowSize and CommandSuspend events too. 2021-04-17 07:59:13 -06:00
Todd C. Miller
7c2224584d Regenerate test output with python 3.10a7 
Also adjust debug tests so they pass on older python versions
 2021-04-16 15:24:12 -06:00
Todd C. Miller
5ffa915c9c determine Python (3.10) version number correctly. 
from upstream automake
 2021-04-16 14:06:07 -06:00
Todd C. Miller
fbbf602664 Move python.m4 and runlog.m4 to the m4 directory. 
Previously they were inline in aclocal.m4.
 2021-04-16 13:41:43 -06:00
Todd C. Miller
d76cc96af6 Add hiuxmpp where we have hpux for special cases. 
Also move the HP-UX 11.00 pread(2) workaround into the section where
pread(2) is tested for, not before it.
 2021-04-15 13:07:13 -06:00
Todd C. Miller
620b0dec86 Only replace the last instance of "sudo" in example and doc dir. 
Otherwise we end up with weird paths for a prefix like /opt/sudo.
 2021-04-15 10:31:28 -06:00
Todd C. Miller
a1323ba43b Fix lint warning. 2021-04-13 14:29:59 -06:00
Todd C. Miller
556b8f62cb Mention relay mode and update TLS example. 2021-04-13 14:24:50 -06:00
Todd C. Miller
d028410bf7 If libssl_dep was not passed in, use ldd to determine its value. 
Normally, mkpkg will figure this out, but if the user does "make
package" outside of the mkpkg script, libssl_dep will not be set.
 2021-04-13 10:00:57 -06:00
Todd C. Miller
28d41cecad Enable the use of OpenSSL if log client/server not disabled. 
This adds a dependency on OpenSSL unless it is explicitly disabled
(--disable-openssl) or the sudo log client and server are disabled
(--disable-log-client and --disable-log-server).
 2021-04-12 14:10:49 -06:00
Todd C. Miller
b8fda5b0a9 configure aux scripts moved to the scripts directory 2021-04-09 16:30:39 -06:00
Todd C. Miller
4e9baba2b5 Set logsrvd_config to NULL in logsrvd_conf_cleanup() after freeing it. 
Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd itself).
Also fix linking fuzz_logsrvd_conf with OpenSSL.
 2021-04-09 14:02:50 -06:00
Todd C. Miller
e4e0e734b9 Update sudo_logsrvd.conf fuzzer to match configuration changes. 2021-04-09 13:34:36 -06:00
Todd C. Miller
ae77355eda Document relay configuration changes. 2021-04-09 12:58:57 -06:00
Todd C. Miller
163a5f08b5 Move relay configuration into its own section and add TLS options. 
TLS options in the relay section will be used if specified, otherwise
the TLS options from the server section are used.
 2021-04-08 19:14:05 -06:00
Todd C. Miller
25d4dd8e6d Add "server" and "relay" to getters/callbacks specific to server and relay. 2021-04-08 19:09:55 -06:00
Todd C. Miller
90770794db Remove struct logsrvd_tls_config. 
Now that the SSL context is initialized in logsrvd_conf.c there's
no need to export TLS configuration other than tls_check_peer.
 2021-04-08 18:07:59 -06:00
Todd C. Miller
9779996c3c No longer need struct logsrvd_tls_runtime, use SSL_CTX instead. 2021-04-08 15:39:26 -06:00
Todd C. Miller
990fa4f5ad Move allocation of the TLS context to logsrvd_conf_apply(). 
This way we get certificate errors at configuration time, not after.
It also means that a change to the config file that renders the TLS
settings invalid will no longer cause the server to exit.  The new
config will just be ignored as if there was a syntax error.
 2021-04-08 15:31:33 -06:00
Todd C. Miller
8f0c16f06e Only initialize the SSL library once. 2021-04-08 15:14:13 -06:00
Todd C. Miller
c2909e20ee Sanity check struct timespec in timestamp file. 
Coverity CID 220564
 2021-04-07 11:10:17 -06:00
Todd C. Miller
394673cbf5 Check lseek(fd, 0, SEEK_CUR) for -1 return value. 
Not actually possible in practice.  Coverity CID 220568.
 2021-04-07 10:59:12 -06:00
Todd C. Miller
42865567d7 Check for NULL ifa->ifa_addr and ifa->ifa_netmask in both loops. 2021-04-07 08:15:10 -06:00
Todd C. Miller
52c29aa7a0 Plug memory leak on overflow; Coverity CID 220556 2021-04-06 21:38:43 -06:00
Todd C. Miller
37e8b58684 In schedule_commit_point() do not free the closure on error. 
It is the caller's responsibility to free resources on error.
Coverity CID 220557
 2021-04-06 19:13:33 -06:00
Todd C. Miller
a2e4f53642 Cast NULL terminator argument to char * when calling sudo_mkgrent(). 
Avoids a portability issue on systems where NULL is not a pointer.
 2021-04-06 18:57:33 -06:00