Allow multiple accept/reject messages during a logsrv conversation.

The log server now advertises a subcommands flag if it supports logging subcommands (e.g. commands run from a sudo-spawned program like a shell). The client should only log additional commands during a session if this flag is set in the ServerHello message.
author: Todd C. Miller <Todd.Miller@sudo.ws> 2021-08-09 15:50:25 -0600
committer: Todd C. Miller <Todd.Miller@sudo.ws> 2021-08-09 15:50:25 -0600
commit: 85dd65357c97bed2036143282eef39e8aee88622 (patch)
tree: de5e8a0b23e1a368182be93ddf431ec2296b9121 /logsrvd/logsrvd.c
parent: b20c48339a3adb99f78f10c73bbfceda34bc0599 (diff)
download: sudo-85dd65357c97bed2036143282eef39e8aee88622.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c
index 9115e8480..76cea5050 100644
--- a/logsrvd/logsrvd.c
+++ b/logsrvd/logsrvd.c
@@ -361,6 +361,7 @@ fmt_hello_message(struct connection_closure *closure)
 
     /* TODO: implement redirect and servers array.  */
     hello.server_id = (char *)server_id;
+    hello.subcommands = true;
     msg.u.hello = &hello;
     msg.type_case = SERVER_MESSAGE__TYPE_HELLO;
 
@@ -438,7 +439,8 @@ handle_accept(AcceptMessage *msg, uint8_t *buf, size_t len,
     bool ret;
     debug_decl(handle_accept, SUDO_DEBUG_UTIL);
 
-    if (closure->state != INITIAL) {
+    /* We can get an AcceptMessage for a sub-command during a session. */
+    if (closure->state == EXITED || closure->state == FINISHED) {
 	sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
 	closure->errstr = _("state machine error");
 	debug_return_bool(false);
@@ -454,7 +456,7 @@ handle_accept(AcceptMessage *msg, uint8_t *buf, size_t len,
 	__func__, source);
 
     ret = closure->cms->accept(msg, buf, len, closure);
-    if (ret) {
+    if (ret && closure->state == INITIAL) {
 	if (msg->expect_iobufs)
 	    closure->log_io = true;
 	closure->state = RUNNING;
@@ -474,7 +476,8 @@ handle_reject(RejectMessage *msg, uint8_t *buf, size_t len,
     bool ret;
     debug_decl(handle_reject, SUDO_DEBUG_UTIL);
 
-    if (closure->state != INITIAL) {
+    /* We can get a RejectMessage for a sub-command during a session. */
+    if (closure->state == EXITED || closure->state == FINISHED) {
 	sudo_warnx(U_("unexpected state %d for %s"), closure->state, source);
 	closure->errstr = _("state machine error");
 	debug_return_bool(false);
@@ -490,8 +493,9 @@ handle_reject(RejectMessage *msg, uint8_t *buf, size_t len,
 	__func__, source);
 
     ret = closure->cms->reject(msg, buf, len, closure);
-    if (ret)
+    if (ret && closure->state == INITIAL) {
 	closure->state = FINISHED;
+    }
 
     debug_return_bool(ret);
 }
author	Todd C. Miller <Todd.Miller@sudo.ws>	2021-08-09 15:50:25 -0600
committer	Todd C. Miller <Todd.Miller@sudo.ws>	2021-08-09 15:50:25 -0600
commit	85dd65357c97bed2036143282eef39e8aee88622 (patch)
tree	de5e8a0b23e1a368182be93ddf431ec2296b9121 /logsrvd/logsrvd.c
parent	b20c48339a3adb99f78f10c73bbfceda34bc0599 (diff)
download	sudo-85dd65357c97bed2036143282eef39e8aee88622.tar.gz