process tls config options

2025-08-30 13:58:05 +00:00 · 2019-11-28 13:17:37 +01:00 · 2019-11-28 13:17:37 +01:00 · a409d8f1fc
commit a409d8f1fc
parent 3ce51d40ce
2 changed files with 28 additions and 1 deletions
--- a/plugins/sudoers/iolog.c
+++ b/plugins/sudoers/iolog.c
@ -363,6 +363,20 @@ iolog_deserialize_info(struct iolog_details *details, char * const user_info[],
 		    TIME_T_MAX, NULL);
 		continue;
 	    }
+#if defined(HAVE_OPENSSL)
+	    if (strncmp(*cur, "log_server_cabundle=", sizeof("log_server_cabundle=") - 1) == 0) {
+            details->ca_bundle = *cur + sizeof("log_server_cabundle=") - 1;
+            continue;
+        }
+	    if (strncmp(*cur, "log_server_peer_cert=", sizeof("log_server_peer_cert=") - 1) == 0) {
+            details->cert_file = *cur + sizeof("log_server_peer_cert=") - 1;
+            continue;
+        }
+	    if (strncmp(*cur, "log_server_peer_key=", sizeof("log_server_peer_key=") - 1) == 0) {
+            details->key_file = *cur + sizeof("log_server_peer_key=") - 1;
+            continue;
+        }
+#endif /* HAVE_OPENSSL */
 	    break;
 	case 'm':
 	    if (strncmp(*cur, "maxseq=", sizeof("maxseq=") - 1) == 0) {
@ -583,7 +597,6 @@ sudoers_io_open_remote(void)
 	ret = -1;
 	goto done;
    }
-
    if (!client_closure_fill(&client_closure, sock, &iolog_details, &sudoers_io)) {
 	close(sock);
 	ret = -1;
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@ -734,6 +734,20 @@ sudoers_policy_exec_setup(char *argv[], char *envp[], mode_t cmnd_umask,
 	if (asprintf(&command_info[info_len++], "log_server_timeout=%u", def_log_server_timeout) == -1)
 	    goto oom;
    }
+
+    if (def_log_server_cabundle != NULL) {
+        if ((command_info[info_len++] = sudo_new_key_val("log_server_cabundle", def_log_server_cabundle)) == NULL)
+            goto oom;
+    }
+    if (def_log_server_peer_cert != NULL) {
+        if ((command_info[info_len++] = sudo_new_key_val("log_server_peer_cert", def_log_server_peer_cert)) == NULL)
+            goto oom;
+    }
+    if (def_log_server_peer_key != NULL) {
+        if ((command_info[info_len++] = sudo_new_key_val("log_server_peer_key", def_log_server_peer_key)) == NULL)
+            goto oom;
+    }
+
    if (def_command_timeout > 0 || user_timeout > 0) {
 	int timeout = user_timeout;
 	if (timeout == 0 || def_command_timeout < timeout)