Todd C. Miller
4891f37a45
sudo_logsrvd: silence most -Wconversion warnings.
2023-07-07 15:07:04 -06:00
Todd C. Miller
4363d03ef7
Convert config file paths to colon-separated path list.
...
This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF,
and _PATH_CVTSUDOERS_CONF can now specify multiple files. The first
file that exists is used.
2023-05-02 10:37:38 -06:00
Todd C. Miller
978aa90021
No longer need to set AI_NUMERICSERV while fuzzing.
...
Now that getaddrinfo() is stubbed out while fuzzing we can remove
the hack that set AI_NUMERICSERV.
2023-04-28 13:26:53 -06:00
Todd C. Miller
49df977c2f
Avoid DNS lookups when fuzzing.
2023-01-31 08:59:50 -07:00
Todd C. Miller
b6151781ce
Quiet some harmless PVS Studio warnings.
2022-06-29 10:08:55 -06:00
Todd C. Miller
54ed54d94e
Use "unable to allocate memory" warning on malloc failure.
...
This is consistent with the rest of the sudo source code.
2022-06-29 10:00:03 -06:00
Todd C. Miller
3e21c8da5c
Add missing PVS Studio Open Source comments.
...
Also avoid checking protobuf-c source and protobuf-c generated files.
2022-06-29 09:45:04 -06:00
Todd C. Miller
e5834bd405
Use #include <config.h> not #include "config.h" for consistency.
...
Otherwise, some compilers may do the wrong thing in a build
dir if there is a config.h file in the source dir too.
2022-06-29 08:47:16 -06:00
Todd C. Miller
13672f28df
Make sudo pass -Wwrite-strings
2022-06-28 16:33:15 -06:00
Todd C. Miller
0ca222aa88
Fix inverted logic when setting server_log.
...
A value that starts with a '/' should be treated as a path.
2022-06-02 10:59:30 -06:00
Todd C. Miller
ad719d06be
Fix parsing of "retry_interval" in the relay section.
...
The setting was present but the callback was missing so it could
not be parsed in the conf file.
2022-02-01 13:08:40 -07:00
Todd C. Miller
2df2276d56
Use TIME_T_MAX as the upper limit when parsing timeouts.
2022-02-01 13:07:27 -07:00
Todd C. Miller
be4d62e9a4
Check for garbage after [section] in sudo_logsrvd.conf.
2022-01-29 10:50:03 -07:00
Todd C. Miller
9b93961b3e
Add new log_passwords and passprompt_regex settings.
...
When logging terminal input, if log_passwords is false and any
of the regular expressions in the passprompt_regex list are found
in the terminal output, terminal input will be replaced with '*'
characters until a newline or carriage return is found in the input
or an output character is received.
2022-01-28 08:52:42 -07:00
Todd C. Miller
87c1dd9d7d
Move include of log_server.pb-c.h into logsrvd.h and sendlog.h
...
This way there is no include file order issue with the
PROTOBUF_C_VERSION_NUMBER check.
2021-10-25 12:25:24 -06:00
Todd C. Miller
bb5843055e
Replace messages like "unknown foo: %s" with "unknown foo %s".
...
The colon really doesn't belong there; we generally use a colon to
separate a message from the warning detail.
2021-08-19 09:44:11 -06:00
Todd C. Miller
e17003b35c
Sync warning messages with sudoers/logging.c
...
Avoids 3 translation strings that were effectively duplicated.
2021-08-19 09:09:19 -06:00
Todd C. Miller
bfcc31b19b
Print the section when warning about an illegal key in the conf file.
...
This should make it easier to tell when a setting is present in the
wrong section.
2021-08-16 10:44:48 -06:00
Todd C. Miller
9248ea6bbe
Set umask to be less restrictive before creating parent directories.
...
Otherwise we could end up creating them with a more restrictive
mode than intended. Coverity CID 221592
2021-08-14 10:49:51 -06:00
Todd C. Miller
0dd2b6442a
Add log_exit setting in the sudo_logsrvd.conf eventlog stanza
...
This causes sudo_logsrvd to log a record with the exit status or
terminating signal in response to an ExitMessage.
2021-07-09 11:08:44 -06:00
Todd C. Miller
442778aee1
Fix prefix skipping when the prefix is embedded and not separate.
...
This doesn't currently matter since the progname and the ": " are
stored in separate messages. Found by clang analyzer.
2021-06-19 12:56:04 -06:00
Todd C. Miller
efaa173fbe
Replace logsrvd_is_early() with logsrvd_warn_stderr().
...
This is now defined in logsrvd_conf.c which removes a dependency
on another compilation unit for the fuzzer.
2021-06-16 08:45:29 -06:00
Todd C. Miller
5a3bbba12b
Use sudo_warnx?() instead of sudo_debug_printf for errors.
...
We now hook the warn functions so the messages are logged.
The messages still show up in the debug log too.
2021-06-15 13:58:12 -06:00
Todd C. Miller
d311c7b2ee
If logsrvd_config not set fall back to using stderr for warnings.
...
Also fix fuzz_logsrvd_conf link error.
2021-06-13 18:42:09 -06:00
Todd C. Miller
2c1988410e
Add support for logging server warning/error messages.
...
We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a log file or calls syslog().
2021-06-13 18:27:36 -06:00
Todd C. Miller
f49930c62e
Make the failed relay retry interval configurable.
...
This is the amount of time to wait before trying to resend a
journal to the relay server after a connection error.
2021-05-02 06:19:32 -06:00
Todd C. Miller
d4bdc85d74
Replace non-ascii characters in warning string.
2021-04-27 16:39:43 -06:00
Todd C. Miller
c2d3070fa1
Journal messages to disk when store_first is set in the relay section.
...
Instead of forwarding messages immediately, they are journaled
locally in wire format.
This will be used to implement relay store-and-forward mode.
2021-04-23 16:55:30 -06:00
Todd C. Miller
6f5b353e87
Add configuration for sudo_logsrvd store-and-forward mode.
...
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section. Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay).
2021-04-23 16:54:15 -06:00
Todd C. Miller
4e9baba2b5
Set logsrvd_config to NULL in logsrvd_conf_cleanup() after freeing it.
...
Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd itself).
Also fix linking fuzz_logsrvd_conf with OpenSSL.
2021-04-09 14:02:50 -06:00
Todd C. Miller
163a5f08b5
Move relay configuration into its own section and add TLS options.
...
TLS options in the relay section will be used if specified, otherwise
the TLS options from the server section are used.
2021-04-08 19:14:05 -06:00
Todd C. Miller
25d4dd8e6d
Add "server" and "relay" to getters/callbacks specific to server and relay.
2021-04-08 19:09:55 -06:00
Todd C. Miller
90770794db
Remove struct logsrvd_tls_config.
...
Now that the SSL context is initialized in logsrvd_conf.c there's
no need to export TLS configuration other than tls_check_peer.
2021-04-08 18:07:59 -06:00
Todd C. Miller
9779996c3c
No longer need struct logsrvd_tls_runtime, use SSL_CTX instead.
2021-04-08 15:39:26 -06:00
Todd C. Miller
990fa4f5ad
Move allocation of the TLS context to logsrvd_conf_apply().
...
This way we get certificate errors at configuration time, not after.
It also means that a change to the config file that renders the TLS
settings invalid will no longer cause the server to exit. The new
config will just be ignored as if there was a syntax error.
2021-04-08 15:31:33 -06:00
Todd C. Miller
86c815fd61
Add logsrvd_conf_cleanup() to free the conf data structures on exit.
...
There is no longer a need to do anything in shutdown_cb() other
than break out of the event loop.
2021-04-06 14:44:19 -06:00
Todd C. Miller
ec52810c0b
Don't allow a wildcard address for the relay parameter.
2021-04-06 14:44:19 -06:00
Todd C. Miller
30f57bcdce
Add sa_host to struct server_address as a ref counted string.
...
Also convert sa_str to ref counted string.
2021-04-06 14:44:19 -06:00
Todd C. Miller
d60b8a791c
Add a relay mode to sudo_logsrvd where it forwards instead of stores.
...
Relay hosts are specified in the server section of sudo_logsrvd.conf.
2021-04-06 14:44:19 -06:00
Todd C. Miller
8101b23e54
Rename listen_address -> server_address and add reference counting.
...
This will be used by the upcoming relay mode.
2021-04-06 14:44:19 -06:00
Todd C. Miller
1c6080f135
Remove unused tls parameter, we now use a per-address tls flag.
2021-03-05 14:48:08 -07:00
Todd C. Miller
d235083342
Add simple fuzzer for sudo_logsrvd.conf parser.
2021-02-15 15:52:17 -07:00
Todd C. Miller
0f6d581abd
If pid_file is set to an empty value, disable the use of a pid file.
2020-11-24 09:43:00 -07:00
Todd C. Miller
e0c2635fb3
Apply Google inclusive language guidelines.
...
Also replace backwards with backward.
2020-10-30 10:15:30 -06:00
Todd C. Miller
d899fe5936
Use real setters for the eventlog config.
...
This makes it possible to have a base config that the callers can
modify instead of replacing the config wholesale.
2020-10-26 16:10:42 -06:00
Todd C. Miller
b9aff696fb
No longer need eventlog-related getters in logsrvd.c
2020-10-26 15:29:44 -06:00
Todd C. Miller
8c43340474
Use libeventlog in sudo_logsrvd.
2020-10-26 15:26:02 -06:00
Todd C. Miller
e92d10011e
Rename sa_len -> sa_size to avoid a conflict on UnixWare and others.
...
On some systems, sa_len is a #define for 4.4BSD compatibility.
2020-09-04 16:06:37 -06:00
Todd C. Miller
cbad17a994
Move inclusion of compat headers up with the system headers.
...
Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the compat headers.
2020-08-12 10:07:07 -06:00
Todd C. Miller
076d0376db
We no longer need to include sudo_gettext.h before sudo_compat.h
2020-08-12 09:50:35 -06:00