path: root/logsrvd/logsrvd.c
Commit message | Author | Age | Files | Lines
* Convert config file paths to colon-separated path list. | Todd C. Miller | 2023-05-02 | 1 | -2/+3
  This means that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF, and _PATH_CVTSUDOERS_CONF can now specify multiple files. The first file that exists is used.
* Check for sudo_pow2_roundup() overflow. | Todd C. Miller | 2023-03-01 | 1 | -10/+18
  Calling sudo_pow2_roundup(INT_MAX+2) will return since there is no power of 2 larger than INT_MAX+1 that fits in an unsigned int. This is not an issue in practice since we restrict messages to 2Mib.
* Protect use of AF_INET6 with HAVE_STRUCT_IN6_ADDR guards. | Todd C. Miller | 2023-01-31 | 1 | -1/+3
  From Tim Rice.
* Add missing NULL checks for mandatory fields in protobuf messages. | Todd C. Miller | 2022-09-28 | 1 | -1/+32
  Also no longer reject an InfoMessage with an unknown value_case, just log and ignore it.
* Convert remaining uses of sudo_mkdir_parents() to sudo_open_parent_dir(). | Todd C. Miller | 2022-09-21 | 1 | -5/+6
* Quiet some harmless PVS Studio warnings. | Todd C. Miller | 2022-06-29 | 1 | -5/+5
* Add missing PVS Studio Open Source comments. | Todd C. Miller | 2022-06-29 | 1 | -0/+5
  Also avoid checking protobuf-c source and protobuf-c generated files.
* Use #include <config.h> not #include "config.h" for consistency. | Todd C. Miller | 2022-06-29 | 1 | -1/+1
  Otherwise, some compilers may do the wrong thing in a build dir if there is a config.h file in the source dir too.
* Make sudo pass -Wmissing-prototypes | Todd C. Miller | 2022-06-27 | 1 | -1/+1
* Treat EINTR in a callback like we do EAGAIN. | Todd C. Miller | 2022-06-07 | 1 | -4/+5
  We shouldn't get EINTR in practice since we set SA_RESTART when registering signal handlers but it doesn't hurt to be consistent.
* If write(2) returns EAGAIN just re-enter the event loop. | Todd C. Miller | 2022-06-06 | 1 | -0/+2
  This is consistent with how we handle EAGAIN for read(2).
* Quiet two clang analyzer false positives. | Todd C. Miller | 2022-06-03 | 1 | -0/+1
* union sockaddr_union: pass in sockaddr_union * instead of sockaddr *. | Todd C. Miller | 2022-06-03 | 1 | -12/+10
  This eliminates the need for a few casts and is consistent with how create_listener() is written.
* Standardize protobuf "unable to unpack" warning messages. | Todd C. Miller | 2022-05-26 | 1 | -1/+1
* If ERR_reason_error_string() returns NULL, fall back on strerror(errno). | Todd C. Miller | 2022-05-17 | 1 | -7/+12
  That way we get reasonable error messages for missing files, etc.
* Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2). | Todd C. Miller | 2021-12-11 | 1 | -2/+1
  This also allows us to make path const as it should be.
* Add support for WolfSSL's OpenSSL compatibility layer. | Todd C. Miller | 2021-10-25 | 1 | -6/+1
  Based on changes from Hayden Roche
* Move include of log_server.pb-c.h into logsrvd.h and sendlog.h | Todd C. Miller | 2021-10-25 | 1 | -1/+0
  This way there is no include file order issue with the PROTOBUF_C_VERSION_NUMBER check.
* Fix potential use-after-free when calling iolog_flush_all(). | Todd C. Miller | 2021-10-19 | 1 | -4/+4
  We need to call iolog_flush_all() _before_ scheduling the commit point. If we fail to schedule the commit point, the closure will be freed. Coverity CID 220557
* No need to flush logs before commit point if we flush after each write. | Todd C. Miller | 2021-10-16 | 1 | -1/+4
  Also document that logs are flushed before sending a commit point even when flushing is disabled.
* Flush I/O logs before we send a commit point. | Todd C. Miller | 2021-10-15 | 1 | -0/+1
  The commit point message means we have written the data to disk so we should not be buffering it any longer. We do not currently fsync(2) the data after flushing, perhaps we should.
* sudo_debug_register: add minfd argument to specify lowest fd number | Todd C. Miller | 2021-08-26 | 1 | -2/+2
  Use this in sudo_intercept.so to avoid allocating a low-numbered fd which the shell reserves for use by scripts.
* Set umask to be less restrictive before creating parent directories. | Todd C. Miller | 2021-08-14 | 1 | -0/+6
  Otherwise we could end up creating them with a more restrictive mode than intended. Coverity CID 221592
* Call shutdown() on sockets before closing() if they are connected. | Todd C. Miller | 2021-08-11 | 1 | -1/+3
  This should ensure that the other side sees any queued data before the connection is dropped.
* If SSL_shutdown() returns 0 it needs to be called one more time. | Todd C. Miller | 2021-08-11 | 1 | -1/+2
* Allow multiple accept/reject messages during a logsrv conversation. | Todd C. Miller | 2021-08-09 | 1 | -4/+8
  The log server now advertises a subcommands flag if it supports logging subcommands (e.g. commands run from a sudo-spawned program like a shell). The client should only log additional commands during a session if this flag is set in the ServerHello message.
* Fix dead store found by clang analyzer. | Todd C. Miller | 2021-06-19 | 1 | -3/+4
* Replace logsrvd_is_early() with logsrvd_warn_stderr(). | Todd C. Miller | 2021-06-16 | 1 | -9/+3
  This is now defined in logsrvd_conf.c which removes a dependency on another compilation unit for the fuzzer.
* Reduce scope of errstr variable so it is only declared for OpenSSL. | Todd C. Miller | 2021-06-15 | 1 | -3/+4
* Use sudo_warnx?() instead of sudo_debug_printf for errors. | Todd C. Miller | 2021-06-15 | 1 | -121/+79
  We now hook the warn functions so the messages are logged. The messages still show up in the debug log too.
* Add support for logging server warning/error messages. | Todd C. Miller | 2021-06-13 | 1 | -9/+30
  We can use sudo_warn_set_conversation() to set a conversation function that either writes to a log file or calls syslog().
* Remove logsrvd closure ERROR state and use a boolean flag instead. | Todd C. Miller | 2021-06-08 | 1 | -5/+8
  Fixes a bug where we would not insert a journal file that failed to relay into the queue because its state was changed from CONNECTING to ERROR after failing to connect.
* Update closure->elapsed_time in journal_seek(). | Todd C. Miller | 2021-05-04 | 1 | -1/+1
  Otherwise the commit point messages won't be accurate when restarting.
* Disable reading from client or relay when sending error to client. | Todd C. Miller | 2021-05-03 | 1 | -10/+15
  We treat an error from the relay as fatal and must stop processing data from both client and relay to make sure we don't get out of sync.
* Fix I/O log restart of locally-stored logs. | Todd C. Miller | 2021-05-03 | 1 | -3/+5
  This got broken a while ago when evlog in struct connection_closure was changed to a pointer.
* Send outgoing messages to the relay server on startup. | Todd C. Miller | 2021-05-01 | 1 | -1/+17
  Also attempt to retry messages that could not be relayed periodically.
* Write client and server information to debug file on SIGUSR1 | Todd C. Miller | 2021-04-29 | 1 | -0/+81
  This can be used to debug client problems such as a connection not being closed as expected.
* Create journal files in an incoming directory, move to outgoing when complete. | Todd C. Miller | 2021-04-29 | 1 | -0/+4
  This will make it possible to process completed journal files periodically if the relay server is down.
* Move local iolog log functions to logsrvd_local.c | Todd C. Miller | 2021-04-27 | 1 | -274/+1
* Update debug pid string when sudo_logsrvd becomes a daemon. | Todd C. Miller | 2021-04-27 | 1 | -1/+1
* Must call SSL_shutdown() before closing the underlying socket. | Todd C. Miller | 2021-04-26 | 1 | -6/+9
  This got broken by some code rearrangement when relay mode was added.
* Recover if the client or relay server closes the TLS connection uncleanly. | Todd C. Miller | 2021-04-26 | 1 | -3/+12
  The other end of the connection should perform a proper TLS shutdown but as long as we are in the correct state there is no need to treat this as a user-visible error.
* Set a restrictive umask so new files are only read/write by owner. | Todd C. Miller | 2021-04-23 | 1 | -0/+3
  Coverity CID 221402
* In connection_closure_free() only close sock if it is not -1. | Todd C. Miller | 2021-04-23 | 1 | -1/+2
  When relaying from a journal there will be no socket. Coverity CID 221403
* Avoid potential NULL dereference in get_free_buf(). | Todd C. Miller | 2021-04-23 | 1 | -1/+1
  Coverity CID 221400
* Remove some now-dead code in the error path. | Todd C. Miller | 2021-04-23 | 1 | -5/+0
  Coverity CID 221397 and 221398
* Use function pointers for each client message type instead of conditionals. | Todd C. Miller | 2021-04-23 | 1 | -263/+333
  This separates out the message handler from the functions that store or relay the message contents.
* Add enqueue_error_message() helper function. | Todd C. Miller | 2021-04-23 | 1 | -22/+35
  Formats and enqueues an error message and enables the write event.
* Forward the journaled entry after it has been stored locally. | Todd C. Miller | 2021-04-23 | 1 | -74/+134
* Stash the value of the store_first config setting in connection_closure. | Todd C. Miller | 2021-04-23 | 1 | -10/+11
  If the configuration changes it should not affect a connection that is already in progress.