diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:52:13 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:52:13 +0000 |
commit | f8e5c55a036f0e2e2a958e30456270f3f9eba933 (patch) | |
tree | 4a06ff510774a7a3373e492df4e2984d7b0664b1 /logsrvd/logsrvd.h | |
parent | Initial commit. (diff) | |
download | sudo-f8e5c55a036f0e2e2a958e30456270f3f9eba933.tar.xz sudo-f8e5c55a036f0e2e2a958e30456270f3f9eba933.zip |
Adding upstream version 1.9.5p2.upstream/1.9.5p2upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | logsrvd/logsrvd.h | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/logsrvd/logsrvd.h b/logsrvd/logsrvd.h new file mode 100644 index 0000000..5c8a8b1 --- /dev/null +++ b/logsrvd/logsrvd.h @@ -0,0 +1,162 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDO_LOGSRVD_H +#define SUDO_LOGSRVD_H + +#if PROTOBUF_C_VERSION_NUMBER < 1003000 +# error protobuf-c version 1.30 or higher required +#endif + +#include "config.h" + +#if defined(HAVE_OPENSSL) +# include <openssl/ssl.h> +#endif + +#include "logsrv_util.h" + +/* Default timeout value for server socket */ +#define DEFAULT_SOCKET_TIMEOUT_SEC 30 + +/* How often to send an ACK to the client (commit point) in seconds */ +#define ACK_FREQUENCY 10 + +/* Shutdown timeout (in seconds) in case client connections time out. */ +#define SHUTDOWN_TIMEO 10 + +/* + * Connection status. + * In the RUNNING state we expect I/O log buffers. + */ +enum connection_status { + INITIAL, + RUNNING, + EXITED, + SHUTDOWN, + FINISHED, + ERROR +}; + +/* + * Per-connection state. + */ +struct connection_closure { + TAILQ_ENTRY(connection_closure) entries; + struct eventlog *evlog; + struct timespec elapsed_time; + struct connection_buffer read_buf; + struct connection_buffer write_buf; + struct sudo_event_base *evbase; + struct sudo_event *commit_ev; + struct sudo_event *read_ev; + struct sudo_event *write_ev; +#if defined(HAVE_OPENSSL) + struct sudo_event *ssl_accept_ev; + SSL *ssl; +#endif + const char *errstr; + struct iolog_file iolog_files[IOFD_MAX]; + bool tls; + bool log_io; + bool read_instead_of_write; + bool write_instead_of_read; + bool temporary_write_event; + int iolog_dir_fd; + int sock; +#ifdef HAVE_STRUCT_IN6_ADDR + char ipaddr[INET6_ADDRSTRLEN]; +#else + char ipaddr[INET_ADDRSTRLEN]; +#endif + enum connection_status state; +}; + +union sockaddr_union { + struct sockaddr sa; + struct sockaddr_in sin; +#ifdef HAVE_STRUCT_IN6_ADDR + struct sockaddr_in6 sin6; +#endif +}; + +/* + * List of listen addresses. + */ +struct listen_address { + TAILQ_ENTRY(listen_address) entries; + char *sa_str; + union sockaddr_union sa_un; + socklen_t sa_size; + bool tls; +}; +TAILQ_HEAD(listen_address_list, listen_address); + +/* + * List of active network listeners. + */ +struct listener { + TAILQ_ENTRY(listener) entries; + struct sudo_event *ev; + int sock; + bool tls; +}; +TAILQ_HEAD(listener_list, listener); + +#if defined(HAVE_OPENSSL) +/* parameters to configure tls */ +struct logsrvd_tls_config { + char *pkey_path; + char *cert_path; + char *cacert_path; + char *dhparams_path; + char *ciphers_v12; + char *ciphers_v13; + bool verify; + bool check_peer; +}; + +struct logsrvd_tls_runtime { + SSL_CTX *ssl_ctx; +}; +#endif + +/* iolog_writer.c */ +struct eventlog *evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen); +bool iolog_init(AcceptMessage *msg, struct connection_closure *closure); +bool iolog_restart(RestartMessage *msg, struct connection_closure *closure); +int store_iobuf(int iofd, IoBuffer *msg, struct connection_closure *closure); +int store_suspend(CommandSuspend *msg, struct connection_closure *closure); +int store_winsize(ChangeWindowSize *msg, struct connection_closure *closure); +void iolog_close_all(struct connection_closure *closure); + +/* logsrvd_conf.c */ +bool logsrvd_conf_read(const char *path); +const char *logsrvd_conf_iolog_dir(void); +const char *logsrvd_conf_iolog_file(void); +struct listen_address_list *logsrvd_conf_listen_address(void); +bool logsrvd_conf_tcp_keepalive(void); +const char *logsrvd_conf_pid_file(void); +struct timespec *logsrvd_conf_get_sock_timeout(void); +#if defined(HAVE_OPENSSL) +const struct logsrvd_tls_config *logsrvd_get_tls_config(void); +struct logsrvd_tls_runtime *logsrvd_get_tls_runtime(void); +#endif +mode_t logsrvd_conf_iolog_mode(void); + +#endif /* SUDO_LOGSRVD_H */ |