isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,198 Commits 1 Branch 0 Tags
edf30c727398f8de75f5b366c47cc4ebe7ee25d0
Commit Graph

144 Commits

Author SHA1 Message Date
Todd C. Miller
70aef0eb2d sudo_debug_register: add minfd argument to specify lowest fd number 
Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
 2021-08-26 09:57:24 -06:00
Todd C. Miller
9248ea6bbe Set umask to be less restrictive before creating parent directories. 
Otherwise we could end up creating them with a more restrictive
mode than indended.  Coverity CID 221592
 2021-08-14 10:49:51 -06:00
Todd C. Miller
0e2094471b Call shutdown() on sockets before closing() if they are connected. 
This should ensure that the other side sees any queued data before
the connection is dropped.
 2021-08-11 14:08:48 -06:00
Todd C. Miller
79129613e5 If SSL_shutdown() returns 0 it needs to be called one more time. 2021-08-11 10:16:36 -06:00
Todd C. Miller
9d776b4e7b Allow multiple accept/reject messages during a logsrv conversation. 
The log server now advertises a subcommands flag if it supports
logging subcommands (e.g. commands run from a sudo-spawned program
like a shell).  The client should only log additional commands
during a session if this flag is set in the ServerHello message.
 2021-08-09 15:50:25 -06:00
Todd C. Miller
030746ce57 Fix dead store found by clang analyzer. 2021-06-19 12:56:31 -06:00
Todd C. Miller
efaa173fbe Replace logsrvd_is_early() with logsrvd_warn_stderr(). 
This is now defined in logsrvd_conf.c which removes a dependency
on another compilation unit for the fuzzer.
 2021-06-16 08:45:29 -06:00
Todd C. Miller
74f034cbfb Reduce scope of errstr variable so it is only declared for OpenSSL. 2021-06-15 14:37:59 -06:00
Todd C. Miller
5a3bbba12b Use sudo_warnx?() instead of sudo_debug_printf for errors. 
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
 2021-06-15 13:58:12 -06:00
Todd C. Miller
2c1988410e Add support for logging server warning/error messages. 
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
 2021-06-13 18:27:36 -06:00
Todd C. Miller
7b33974f21 Remove logsrvd closure ERROR state and use a boolean flag instead. 
Fixes a bug where we would not insert a journal file that failed
to relay into the queue because its state was changed from CONNECTING
to ERROR after failing to connect.
 2021-06-08 19:51:54 -06:00
Todd C. Miller
caf096e1a1 Update closure->elapsed_time in journal_seek(). 
Otherwise the commit point messages won't be accurate when restarting.
 2021-05-04 10:45:12 -06:00
Todd C. Miller
5a39066343 Disable reading from client or relay when sending error to client. 
We treat an error from the relay as fatal and must stop processing
data from both client and relay to make sure we don't get out of sync.
 2021-05-03 19:18:10 -06:00
Todd C. Miller
c3534712de Fix I/O log restart of locally-store logs. 
This got broken a while ago when evlog in struct connection_closure
was changed to a pointer.
 2021-05-03 16:54:25 -06:00
Todd C. Miller
177816b787 Send outgoing messages to the relay server on startup. 
Also attempt to retry messages that could not be relayed periodically.
 2021-05-01 16:27:21 -06:00
Todd C. Miller
01bdfd3be2 Write client and server information to debug file on SIGUSR1 
This can be used to debug client problems such as a connection
not being closed as expected.
 2021-04-29 16:20:02 -06:00
Todd C. Miller
f92bb8840c Create journal files in an incoming directory, move to outgoing when complete. 
This will make it possible to process completed journal files
periodically if the relay server is down.
 2021-04-29 14:19:08 -06:00
Todd C. Miller
84a01d3a93 Move local iolog log functions to logsrvd_local.c 2021-04-27 14:46:27 -06:00
Todd C. Miller
e55991f244 Update debug pid string when sudo_logsrvd becomes a daemon. 2021-04-27 08:57:11 -06:00
Todd C. Miller
f25275ad5b Must call SSL_shutdown() before closing the underlying socket. 
This got broken by some code rearrangement when relay mode was added.
 2021-04-26 19:07:40 -06:00
Todd C. Miller
67029f3cc4 Recover if the client or relay server closes the TLS connection uncleanly. 
The other end of the connection should perform a proper TLS shutdown
but as long as we are in the correct state there is no need to treat
this as a user-visible error.
 2021-04-26 17:05:34 -06:00
Todd C. Miller
d9f0eba1fa Set a restrictive umask so new files are only read/write by owner. 
Coverity CID 221402
 2021-04-23 18:58:55 -06:00
Todd C. Miller
bfd5803bd2 In connection_closure_free() only close sock if it is not -1. 
When relaying from a journal there will be no socket.
Coverity CID 221403
 2021-04-23 17:02:35 -06:00
Todd C. Miller
57b8122cf3 Avoid potential NULL dereference in get_free_buf(). 
Coverity CID 221400
 2021-04-23 16:56:29 -06:00
Todd C. Miller
21641a27e4 Remove some now-dead code in the error path. 
Coverity CID 221397 and 221398
 2021-04-23 16:56:23 -06:00
Todd C. Miller
761b02d34f Use function pointers for each client message type instead of conditionals. 
This separats out the message handler from the functions that store
or relay the message contents.
 2021-04-23 16:56:21 -06:00
Todd C. Miller
64ac63918e Add enqueue_error_message() helper function. 
Formats and enqueues an error message and enables the write event.
 2021-04-23 16:56:20 -06:00
Todd C. Miller
050e91f8d1 Forward the journaled entry after it has been stored locally. 2021-04-23 16:56:18 -06:00
Todd C. Miller
280fabac38 Stash the value of the store_first config setting in connection_closure. 
If the configuration changes it should not affect a connection that
is already in progress.
 2021-04-23 16:56:17 -06:00
Todd C. Miller
c2d3070fa1 Journal messages to disk when store_first is set in the relay section. 
Instead of forwarding messages immediately, they are journaled
locally in wire format.
This will be used to implement relay store-and-forward mode.
 2021-04-23 16:55:30 -06:00
Todd C. Miller
110d9667e5 Use the packed message buffer when relaying if possible. 
There's no need to rebuild the message buffer for anything but
RestartMessage and ClientHello.
 2021-04-19 09:44:37 -06:00
Todd C. Miller
935daf6b7e Allocate the data buffer in get_free_buf() too. 
We always know the size of the data buffer we need at allocation time.
 2021-04-18 17:10:53 -06:00
Todd C. Miller
3dce67ec10 Relay ChangeWindowSize and CommandSuspend events too. 2021-04-17 07:59:13 -06:00
Todd C. Miller
163a5f08b5 Move relay configuration into its own section and add TLS options. 
TLS options in the relay section will be used if specified, otherwise
the TLS options from the server section are used.
 2021-04-08 19:14:05 -06:00
Todd C. Miller
25d4dd8e6d Add "server" and "relay" to getters/callbacks specific to server and relay. 2021-04-08 19:09:55 -06:00
Todd C. Miller
90770794db Remove struct logsrvd_tls_config. 
Now that the SSL context is initialized in logsrvd_conf.c there's
no need to export TLS configuration other than tls_check_peer.
 2021-04-08 18:07:59 -06:00
Todd C. Miller
9779996c3c No longer need struct logsrvd_tls_runtime, use SSL_CTX instead. 2021-04-08 15:39:26 -06:00
Todd C. Miller
990fa4f5ad Move allocation of the TLS context to logsrvd_conf_apply(). 
This way we get certificate errors at configuration time, not after.
It also means that a change to the config file that renders the TLS
settings invalid will no longer cause the server to exit.  The new
config will just be ignored as if there was a syntax error.
 2021-04-08 15:31:33 -06:00
Todd C. Miller
37e8b58684 In schedule_commit_point() do not free the closure on error. 
It is the caller's responsibility to free resources on error.
Coverity CID 220557
 2021-04-06 19:13:33 -06:00
Todd C. Miller
86c815fd61 Add logsrvd_conf_cleanup() to free the conf data structures on exit. 
There is no longer a need to do anything in shutdown_cb() other
than break out of the event loop.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
d60b8a791c Add a relay mode to sudo_logsrvd where it forwards instead of stores. 
Relay hosts are be specified in the server section of sudo_logsrvd.conf.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
343100307d Split most of server_commit_cb() out into schedule_commit_point(). 
This allows it to be used by the relay code too.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
533fcc3f02 Try to send an error message to client for some client_msg_cb() failures. 2021-04-06 14:44:19 -06:00
Todd C. Miller
8101b23e54 Rename listen_address -> server_address and add reference counting. 
This will be used by the upcoming relay mode.
 2021-04-06 14:44:19 -06:00
Todd C. Miller
71e5275a1c Move common TLS initialization code to tls_init.c. 2021-03-10 16:29:27 -07:00
Todd C. Miller
7bb5eef9d9 Use a tailq of write buffers instead of a single one per connection. 
This allows us to queue up multiple messages for writing like the
sudoers client supports.  Currently, each connection has its own
free list.  In the future we may want a single free list with low
and high water marks.
 2021-04-06 14:30:16 -06:00
Todd C. Miller
1c6080f135 Remove unused tls parameter, we now use a per-address tls flag. 2021-03-05 14:48:08 -07:00
Todd C. Miller
d452678787 Log peer address in sudo_logsrvd JSON-format logs. 
The peer that connected to us might not be the same host where the
log entry originated.
 2021-03-02 18:37:35 -07:00
Todd C. Miller
dceab7d756 Break up the long help string into multiple printf() statements. 
AIX xlc compiler doesn't like cpp directives in between strings.
Also fixes a complaint from cppcheck and makes translation easier.
 2021-01-28 08:53:25 -07:00
Todd C. Miller
f6452c7caf Avoid potential use after free with eventlog-only connections. 
Coverity CID 215884.
 2021-01-02 10:43:34 -07:00