Commit Graph

30 Commits

Author SHA1 Message Date
Todd C. Miller
e5834bd405 Use #include <config.h> not #include "config.h" for consistency.
Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in the source dir too.
2022-06-29 08:47:16 -06:00
Todd C. Miller
13672f28df Make sudo pass -Wwrite-strings
2022-06-28 16:33:15 -06:00
Todd C. Miller
f5ac1317c4 Make sudo pass -Wmissing-prototypes
2022-06-27 12:48:03 -06:00
Todd C. Miller
d04810c4f2 Save a pointer to the event_alloc parameter in the plugin open function.
That way we don't need to pass event_alloc around to the log client
functions.
2022-06-09 13:05:21 -06:00
Todd C. Miller
c20c3b5631 Only display "unable to connect to log server" warning once.
Previously, in intercept mode, if the log server is unreachable the
message would be printed for each sub-command.
2022-05-31 20:03:17 -06:00
Todd C. Miller
38c6e1bffb Standardize protobuf "unable to unpack" warning messages.
2022-05-26 09:35:18 -06:00
Todd C. Miller
d7df7abf87 If ERR_reason_error_string() returns NULL, fall back on strerror(errno).
That way we get reasonable error messages for missing files, etc.
2022-05-17 09:18:03 -06:00
Todd C. Miller
c7ed03c986 sudo_logsrvd: update elapsed time for winsize and suspend in journal mode
Fixes a bug in store-first relay mode where the commit point messages
sent by the server were incorrect.
2022-04-24 17:26:05 -06:00
Todd C. Miller
c236d58b5a Set client_closure to NULL after freeing it.
2022-02-03 10:55:45 -07:00
Todd C. Miller
3f1bb7bc97 client_closure_alloc: init write_bufs/free_bufs before other allocations.
We must initialize the tail queues before any possible call to
client_closure_free(), such as due to malloc() failure.
2022-02-03 10:40:03 -07:00
Todd C. Miller
cc6157d7d4 Add support for WolfSSL's OpenSSL compatibility layer.
Based on changes from Hayden Roche
2021-10-25 13:17:57 -06:00
Todd C. Miller
00f0c233b2 Only include log_client.h if SUDOERS_LOG_CLIENT is defined.
2021-10-21 19:46:35 -06:00
Todd C. Miller
0eb677b74a Only store the first log id received from the server.
Plugs a small memory leak in intercept mode if the log server sends
the log ID again for sub-commands.
2021-09-20 07:49:31 -06:00
Todd C. Miller
0e2094471b Call shutdown() on sockets before closing() if they are connected.
This should ensure that the other side sees any queued data before
the connection is dropped.
2021-08-11 14:08:48 -06:00
Todd C. Miller
79129613e5 If SSL_shutdown() returns 0 it needs to be called one more time.
2021-08-11 10:16:36 -06:00
Todd C. Miller
2e99450d40 Fix logging intercepted commands to a log server in sudoers.
Only available when the server supports the subcommands capability.
2021-08-09 15:50:26 -06:00
Todd C. Miller
36fbb13c4c Use TLS_method() instead of TLS_client_method() throughout.
OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context (LibreSSL doesn't care).

Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
were used in the TLS client and server initialization code respectively.
This was refactored in sudo 1.9.7 to allow the code to be shared.
Bug #988
2021-07-26 13:40:25 -06:00
Todd C. Miller
78849e6728 Don't include errno in "unable to connect to log server" message.
There should be a more specific message, usually with an error
string, displayed earlier.
2021-05-12 12:19:44 -06:00
Todd C. Miller
f2155c704f Better warning when close function is passed a non-terminal signal.
2021-05-10 13:45:25 -06:00
Todd C. Miller
109a0331a5 Don't hard-code the TLS connect timeout, use normal connect timeout.
For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_timeout setting.
2021-05-03 09:01:00 -06:00
Todd C. Miller
376ad5e6b4 Do not add an unfinished write buffer to the queue if it is already present.
In client_msg_cb() we only remove a buffer from the queue when it is
finished.  Inserting the buf again can cause a cycle in the queue.
2021-01-21 12:46:48 -07:00
Todd C. Miller
eb536d8b7c Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can
happen when the socket cannot be written to immediately.
We need to set the read_instead_of_write flag in that case, _not_
write_instead_of_read.  Also sync comments with sendlog.c.
Bug #954
2021-01-20 11:25:23 -07:00
Todd C. Miller
67e6e2085a Reduce the number of error messages when we can't connect to the audit server.
Add the error string to "unable to connect to log server" instead of
using an extra error message for the connect(2) failure.
2020-12-03 13:20:18 -07:00
Todd C. Miller
a19f242796 Use correct error message when the TLS connection is dropped.
Was: "recv: Unknown error 0", now: "lost connection to log server".
2020-12-03 11:42:20 -07:00
Todd C. Miller
cb87253d1e It is possible for evlog->argv or evlog->envp to be NULL.
2020-11-17 13:43:31 -07:00
Todd C. Miller
72df19088b Refactor code to format the client message after the hello.
2020-11-09 18:32:37 -07:00
Todd C. Miller
9779009fae Add info_msgs to AlertMessage and populate it.
This lets us log eventlog info along with the alert if it is available.
2020-11-09 17:15:11 -07:00
Todd C. Miller
62525dcc94 Log reject and alert messages to the log server if one is defined.
2020-11-09 17:15:02 -07:00
Todd C. Miller
e56c3b342b Rename iolog_plugin.h to log_client.h.
It is no longer I/O log specific and is used by sudoers_audit too.
2020-11-09 17:13:04 -07:00
Todd C. Miller
62547746d3 Rename iolog_client -> log_client.
The logsrvd client code is now used for more than just I/O logging.
2020-11-09 17:13:04 -07:00