sudo_logsrvd: update elapsed time for winsize and suspend in journal mode

Fixes a bug in store-first relay mode where the commit point messages sent by the server were incorrect.
2025-08-22 01:49:11 +00:00 · 2022-04-24 17:26:05 -06:00 · 2022-04-24 17:26:05 -06:00 · c7ed03c986
commit c7ed03c986
parent 72794ecd75
3 changed files with 23 additions and 13 deletions
--- a/logsrvd/iolog_writer.c
+++ b/logsrvd/iolog_writer.c
@ -1,7 +1,7 @@
 /*
 * SPDX-License-Identifier: ISC
 *
- * Copyright (c) 2019-2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@ -912,6 +912,10 @@ update_elapsed_time(TimeSpec *delta, struct timespec *elapsed)
 	elapsed->tv_sec++;
 	elapsed->tv_nsec -= 1000000000;
    }
+    sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
+	"%s: delta [%lld, %d], elapsed time now [%lld, %ld]",
+	__func__, (long long)delta->tv_sec, delta->tv_nsec,
+	(long long)elapsed->tv_sec, elapsed->tv_nsec);

    debug_return;
 }
--- a/logsrvd/logsrvd_journal.c
+++ b/logsrvd/logsrvd_journal.c
@ -1,7 +1,7 @@
 /*
 * SPDX-License-Identifier: ISC
 *
- * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2021-2022 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@ -358,13 +358,8 @@ journal_seek(struct timespec *target, struct connection_closure *closure)
 		msg->type_case, "ClientMessage", closure->journal_path);
 	    break;
 	}
-	if (delay != NULL) {
+	if (delay != NULL)
 	    update_elapsed_time(delay, &closure->elapsed_time);
-	    sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
-		"%s: elapsed time now [%lld, %ld]", closure->journal_path,
-		(long long)closure->elapsed_time.tv_sec,
-		closure->elapsed_time.tv_nsec);
-	}

 	if (sudo_timespeccmp(&closure->elapsed_time, target, >=)) {
 	    if (sudo_timespeccmp(&closure->elapsed_time, target, ==)) {
@ -577,6 +572,8 @@ journal_suspend(CommandSuspend *msg, uint8_t *buf, size_t len,
 {
    debug_decl(journal_suspend, SUDO_DEBUG_UTIL);

+    update_elapsed_time(msg->delay, &closure->elapsed_time);
+
    debug_return_bool(journal_write(buf, len, closure));
 }

@ -589,6 +586,8 @@ journal_winsize(ChangeWindowSize *msg, uint8_t *buf, size_t len,
 {
    debug_decl(journal_winsize, SUDO_DEBUG_UTIL);

+    update_elapsed_time(msg->delay, &closure->elapsed_time);
+
    debug_return_bool(journal_write(buf, len, closure));
 }

--- a/plugins/sudoers/log_client.c
+++ b/plugins/sudoers/log_client.c
@ -1,7 +1,7 @@
 /*
 * SPDX-License-Identifier: ISC
 *
- * Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
+ * Copyright (c) 2019-2022 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@ -1531,10 +1531,13 @@ handle_commit_point(TimeSpec *commit_point, struct client_closure *closure)
 	debug_return_bool(false);
    }

-    sudo_debug_printf(SUDO_DEBUG_INFO, "%s: commit point: [%lld, %d]",
-	__func__, (long long)commit_point->tv_sec, commit_point->tv_nsec);
    closure->committed.tv_sec = commit_point->tv_sec;
    closure->committed.tv_nsec = commit_point->tv_nsec;
+    sudo_debug_printf(SUDO_DEBUG_INFO,
+	"%s: received [%lld, %d], elapsed [%lld, %ld], committed [%lld, %ld]",
+	__func__, (long long)commit_point->tv_sec, commit_point->tv_nsec,
+	(long long)closure->elapsed.tv_sec, closure->elapsed.tv_nsec,
+	(long long)closure->committed.tv_sec, closure->committed.tv_nsec);

    if (closure->state == CLOSING) {
 	if (sudo_timespeccmp(&closure->elapsed, &closure->committed, ==)) {
@ -1715,7 +1718,9 @@ server_msg_cb(int fd, int what, void *v)

            switch (SSL_get_error(closure->ssl, nread)) {
 		case SSL_ERROR_ZERO_RETURN:
-		    /* ssl connection shutdown cleanly */
+		    /* TLS connection shutdown cleanly */
+		    sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
+			"TLS connection shut down cleanly");
 		    nread = 0;
 		    break;
                case SSL_ERROR_WANT_READ:
@ -1876,7 +1881,9 @@ client_msg_cb(int fd, int what, void *v)

            switch (SSL_get_error(closure->ssl, nwritten)) {
 		case SSL_ERROR_ZERO_RETURN:
-		    /* ssl connection shutdown */
+		    /* TLS connection shutdown cleanly */
+		    sudo_debug_printf(SUDO_DEBUG_NOTICE|SUDO_DEBUG_LINENO,
+			"TLS connection shut down cleanly");
 		    goto bad;
                case SSL_ERROR_WANT_READ:
 		    /* ssl wants to read, read event always active */