/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 2019-2022 Todd C. Miller <[email protected]>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
#ifndef SUDO_LOGSRVD_H
#define SUDO_LOGSRVD_H

/* Generated protobuf-c bindings for the log server wire protocol. */
#include <log_server.pb-c.h>
#if PROTOBUF_C_VERSION_NUMBER < 1003000
/* NOTE(review): 1003000 encodes protobuf-c 1.3.0; the "1.30" in the message looks like a typo for 1.3.0. */
# error protobuf-c version 1.30 or higher required
#endif

#include <config.h>

#if defined(HAVE_OPENSSL)
/* When building against wolfSSL, its options header is pulled in ahead of the OpenSSL headers. */
# if defined(HAVE_WOLFSSL)
#  include <wolfssl/options.h>
# endif
# include <openssl/ssl.h>
# include <openssl/err.h>
#endif

#include "logsrv_util.h"
#include <tls_common.h>

/* Default timeout value for server socket */
#define DEFAULT_SOCKET_TIMEOUT_SEC 30

/* How often to send an ACK to the client (commit point) in seconds */
#define ACK_FREQUENCY 10

/* Shutdown timeout (in seconds) in case client connections time out. */
#define SHUTDOWN_TIMEO 10

/*
 * True if ts is a non-NULL pointer to a normalized, non-negative time value:
 * tv_sec >= 0 and tv_nsec in [0, 1000000000).  This is a macro rather than a
 * function so it works with any struct that has tv_sec/tv_nsec members; the
 * argument is evaluated up to four times, so do not pass an expression with
 * side effects.
 */
#define valid_timespec(ts) ((ts) != NULL && \
    (ts)->tv_sec >= 0 && (ts)->tv_nsec >= 0 && (ts)->tv_nsec < 1000000000)
/*
 * Connection status.
 * In the RUNNING state we expect I/O log buffers.
 * Stored in connection_closure.state; the enumerators are listed in the
 * order a connection is expected to move through them (presumed from the
 * names -- confirm against the state transitions in logsrvd.c).
 */
enum connection_status {
    INITIAL,
    CONNECTING,
    RUNNING,		/* I/O log buffers expected, per the comment above */
    EXITED,
    SHUTDOWN,
    FINISHED
};
/*
 * Per-connection relay state.
 * Hangs off connection_closure.relay_closure and is released with
 * relay_closure_free().  The read_buf/write_bufs pair and the three
 * read/write bools mirror the same-named members of connection_closure,
 * but apply to the outbound relay socket rather than the client socket.
 */
struct relay_closure {
    struct server_address_list *relays;		/* candidate relay servers (see logsrvd_conf_relay_address()) */
    struct server_address *relay_addr;		/* presumably the entry of relays currently in use -- confirm */
    struct sudo_event *read_ev;
    struct sudo_event *write_ev;
    struct sudo_event *connect_ev;		/* connect-phase event; see logsrvd_conf_relay_connect_timeout() */
    struct connection_buffer read_buf;		/* single inbound buffer from the relay */
    struct connection_buffer_list write_bufs;	/* queued outbound buffers to the relay */
    struct peer_info relay_name;
#if defined(HAVE_OPENSSL)
    struct tls_client_closure tls_client;	/* client-side TLS state for the relay connection */
#endif
    int sock;					/* relay socket */
    bool read_instead_of_write;
    bool write_instead_of_read;
    bool temporary_write_event;
};
/*
 * Per-connection state.
 * Allocated by connection_closure_alloc() and torn down by
 * connection_close(); it is the closure argument of every handler in
 * struct client_message_switch.
 */
struct connection_closure {
    TAILQ_ENTRY(connection_closure) entries;	/* list linkage */
    struct client_message_switch *cms;		/* handler table in use: cms_local, cms_journal or cms_relay */
    struct relay_closure *relay_closure;	/* relay state; presumably NULL when not relaying -- confirm */
    struct eventlog *evlog;			/* event log record, see evlog_new() */
    struct timespec elapsed_time;		/* see update_elapsed_time() */
    struct connection_buffer read_buf;		/* single inbound buffer from the client */
    struct connection_buffer_list write_bufs;	/* queued outbound buffers */
    struct connection_buffer_list free_bufs;	/* spare buffers; presumably what get_free_buf() draws from -- confirm */
    struct sudo_event_base *evbase;
    struct sudo_event *commit_ev;		/* presumably the ACK_FREQUENCY commit-point timer -- confirm */
    struct sudo_event *read_ev;
    struct sudo_event *write_ev;
#if defined(HAVE_OPENSSL)
    struct sudo_event *ssl_accept_ev;		/* event driving the TLS handshake */
    char *name;
    SSL *ssl;					/* TLS session object */
#endif
    const char *errstr;				/* error text; see schedule_error_message() */
    FILE *journal;
    char *journal_path;
    /*
     * Indexed by the int iofd passed to iolog_create() and the iobuf handler.
     * NOTE(review): an iofd that originates in a client message must be
     * range-checked against IOFD_MAX before it is used as an index -- confirm
     * in the message handlers.
     */
    struct iolog_file iolog_files[IOFD_MAX];
    int iolog_dir_fd;
    int sock;					/* client socket */
    enum connection_status state;
    bool error;
    bool tls;					/* connection uses TLS */
    bool log_io;
    bool store_first;				/* see logsrvd_conf_relay_store_first() */
    bool read_instead_of_write;
    bool write_instead_of_read;
    bool temporary_write_event;
    unsigned char uuid[16];			/* 16 raw bytes, not a NUL-terminated string; see fmt_log_id_message() */
#ifdef HAVE_STRUCT_IN6_ADDR
    char ipaddr[INET6_ADDRSTRLEN];		/* printable peer address, sized for IPv6 when available */
#else
    char ipaddr[INET_ADDRSTRLEN];
#endif
};
/*
 * Client message switch.
 * Dispatch table with one handler per client message type.  Three
 * instances are declared in this header (cms_local, cms_journal,
 * cms_relay); connection_closure.cms selects the one a connection uses.
 * Each handler gets the decoded message, a raw byte buffer with its
 * length (presumably the encoded message -- confirm at the call site)
 * and the connection closure, and returns a bool, presumably false on
 * failure.
 */
struct client_message_switch {
    bool (*accept)(const AcceptMessage *msg, const uint8_t *buf, size_t len,
	struct connection_closure *closure);
    bool (*reject)(const RejectMessage *msg, const uint8_t *buf, size_t len,
	struct connection_closure *closure);
    bool (*exit)(const ExitMessage *msg, const uint8_t *buf, size_t len,
	struct connection_closure *closure);
    bool (*restart)(const RestartMessage *msg, const uint8_t *buf, size_t len,
	struct connection_closure *closure);
    bool (*alert)(const AlertMessage *msg, const uint8_t *buf, size_t len,
	struct connection_closure *closure);
    /* iofd selects the I/O log stream (cf. connection_closure.iolog_files). */
    bool (*iobuf)(int iofd, const IoBuffer *iobuf, const uint8_t *buf,
	size_t len, struct connection_closure *closure);
    bool (*suspend)(const CommandSuspend *msg, const uint8_t *buf, size_t len,
	struct connection_closure *closure);
    bool (*winsize)(const ChangeWindowSize *msg, const uint8_t *buf, size_t len,
	struct connection_closure *closure);
};
/*
 * Storage large enough for any supported socket address; sa gives the
 * generic view, sin/sin6 the family-specific ones.  sin6 exists only when
 * the platform has struct in6_addr.
 */
union sockaddr_union {
    struct sockaddr sa;
    struct sockaddr_in sin;
#ifdef HAVE_STRUCT_IN6_ADDR
    struct sockaddr_in6 sin6;
#endif
};
/*
 * List of server addresses.
 * Lists are handed out by logsrvd_conf_server_listen_address() and
 * logsrvd_conf_relay_address() and are reference counted via
 * address_list_addref()/address_list_delref() (inferred from the names).
 */
struct server_address {
    TAILQ_ENTRY(server_address) entries;
    char *sa_host;			/* host as configured */
    char *sa_str;			/* printable form of the address */
    union sockaddr_union sa_un;		/* resolved address */
    socklen_t sa_size;			/* presumably the used length of sa_un -- confirm */
    bool tls;				/* address expects TLS */
};
TAILQ_HEAD(server_address_list, server_address);
/*
 * List of active network listeners.
 * One entry per listening socket; ev is the sudo_event that fires on
 * incoming connections (presumed from the name -- confirm).
 */
struct listener {
    TAILQ_ENTRY(listener) entries;
    struct sudo_event *ev;
    char *sa_str;			/* printable bound address */
    int sock;				/* listening socket */
    bool tls;				/* accept TLS connections on this socket */
};
TAILQ_HEAD(listener_list, listener);
/* iolog_writer.c */
/* Builds an eventlog record from an array of infolen InfoMessage pointers. */
struct eventlog *evlog_new(const TimeSpec *submit_time, InfoMessage * const *info_msgs, size_t infolen, struct connection_closure *closure);
bool iolog_init(const AcceptMessage *msg, struct connection_closure *closure);
/* iofd selects an entry of connection_closure.iolog_files; must be below IOFD_MAX. */
bool iolog_create(int iofd, struct connection_closure *closure);
void iolog_close_all(struct connection_closure *closure);
bool iolog_flush_all(struct connection_closure *closure);
bool iolog_rewrite(const struct timespec *target, struct connection_closure *closure);
/* Adds the protobuf delta to the struct timespec elapsed in place. */
void update_elapsed_time(const TimeSpec *delta, struct timespec *elapsed);
/* logsrvd.c */
/*
 * NOTE(review): cms_local is declared here and again under the
 * logsrvd_local.c heading below; one of the two declarations is redundant
 * and misleading about which file defines it.
 */
extern struct client_message_switch cms_local;
bool start_protocol(struct connection_closure *closure);
void connection_close(struct connection_closure *closure);
bool schedule_commit_point(const TimeSpec *commit_point, struct connection_closure *closure);
bool fmt_server_message(struct connection_closure *closure, ServerMessage *msg);
/* uuid must point to at least 16 readable bytes (C99 "static 16"), matching connection_closure.uuid. */
bool fmt_log_id_message(const unsigned char uuid[restrict static 16], const char *path, struct connection_closure *closure);
bool schedule_error_message(const char *errstr, struct connection_closure *closure);
/* NOTE(review): the size_t parameter is unnamed; naming it (presumably the requested buffer size) would make the contract readable. */
struct connection_buffer *get_free_buf(size_t, struct connection_closure *closure);
/* Allocates the per-connection state for socket fd; tls and relay_only are mode flags (inferred from the names -- confirm). */
struct connection_closure *connection_closure_alloc(int fd, bool tls, bool relay_only, struct sudo_event_base *base);
/* logsrvd_conf.c */
/* Parses the configuration file at path; returns false on failure (presumed). */
bool logsrvd_conf_read(const char *path);

/* I/O log storage settings. */
const char *logsrvd_conf_iolog_base(void);
const char *logsrvd_conf_iolog_dir(void);
const char *logsrvd_conf_iolog_file(void);
bool logsrvd_conf_iolog_log_passwords(void);
void *logsrvd_conf_iolog_passprompt_regex(void);	/* opaque compiled regex handle */

/* Listen and relay addresses; the lists are reference counted (see address_list_addref()). */
struct server_address_list *logsrvd_conf_server_listen_address(void);
struct server_address_list *logsrvd_conf_relay_address(void);
const char *logsrvd_conf_relay_dir(void);
bool logsrvd_conf_relay_store_first(void);
bool logsrvd_conf_relay_tcp_keepalive(void);
bool logsrvd_conf_server_tcp_keepalive(void);
const char *logsrvd_conf_pid_file(void);

/* Timeouts; the returned pointers refer to configuration-owned storage (presumed -- callers should not free them). */
struct timespec *logsrvd_conf_server_timeout(void);
struct timespec *logsrvd_conf_relay_connect_timeout(void);
struct timespec *logsrvd_conf_relay_timeout(void);
time_t logsrvd_conf_relay_retry_interval(void);

/* TLS settings, server side and relay (client) side. */
#if defined(HAVE_OPENSSL)
bool logsrvd_conf_server_tls_check_peer(void);	/* verify the client certificate */
SSL_CTX *logsrvd_server_tls_ctx(void);
bool logsrvd_conf_relay_tls_check_peer(void);	/* verify the relay server certificate */
SSL_CTX *logsrvd_relay_tls_ctx(void);
#endif
bool logsrvd_conf_log_exit(void);

/* Ownership and permissions applied to created I/O log files. */
uid_t logsrvd_conf_iolog_uid(void);
gid_t logsrvd_conf_iolog_gid(void);
mode_t logsrvd_conf_iolog_mode(void);

void address_list_addref(struct server_address_list *);
void address_list_delref(struct server_address_list *);
void logsrvd_conf_cleanup(void);
void logsrvd_warn_stderr(bool enabled);
/* logsrvd_journal.c */
/* Handler table that writes messages to the journal (connection_closure.journal) rather than acting on them directly -- presumed from the name. */
extern struct client_message_switch cms_journal;
/* logsrvd_local.c */
/* Handler table for locally stored logs; the store_*_local functions below match its slots one for one. */
extern struct client_message_switch cms_local;
bool store_accept_local(const AcceptMessage *msg, const uint8_t *buf, size_t len, struct connection_closure *closure);
bool store_reject_local(const RejectMessage *msg, const uint8_t *buf, size_t len, struct connection_closure *closure);
bool store_exit_local(const ExitMessage *msg, const uint8_t *buf, size_t len, struct connection_closure *closure);
bool store_restart_local(const RestartMessage *msg, const uint8_t *buf, size_t len, struct connection_closure *closure);
bool store_alert_local(const AlertMessage *msg, const uint8_t *buf, size_t len, struct connection_closure *closure);
/* iofd indexes connection_closure.iolog_files; it arrives from the client and must be checked against IOFD_MAX (confirm in the implementation). */
bool store_iobuf_local(int iofd, const IoBuffer *iobuf, const uint8_t *buf, size_t len, struct connection_closure *closure);
bool store_winsize_local(const ChangeWindowSize *msg, const uint8_t *buf, size_t len, struct connection_closure *closure);
bool store_suspend_local(const CommandSuspend *msg, const uint8_t *buf, size_t len, struct connection_closure *closure);
/* logsrvd_queue.c */
/* Outgoing relay queue: enable with a timeout on an event base, insert connections, rescan, and dump state for debugging (presumed from the names). */
bool logsrvd_queue_enable(time_t timeout, struct sudo_event_base *evbase);
bool logsrvd_queue_insert(struct connection_closure *closure);
bool logsrvd_queue_scan(struct sudo_event_base *evbase);
void logsrvd_queue_dump(void);
/* logsrvd_relay.c */
/* Handler table that forwards messages to a relay server. */
extern struct client_message_switch cms_relay;
/* Releases a struct relay_closure; pairs with whatever connect_relay() allocates (presumed). */
void relay_closure_free(struct relay_closure *relay_closure);
bool connect_relay(struct connection_closure *closure);
bool relay_shutdown(struct connection_closure *closure);
#endif /* SUDO_LOGSRVD_H */