Remove client_closure.disabled and set state to ERROR instead.

We now check the state variable in the various fmt_* functions
as needed.

Author: millert

plugins/sudoers/audit.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2009-2015, 2019-2023 Todd C. Miller <[email protected]>
+ * Copyright (c) 2009-2015, 2019-2025 Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -248,9 +248,6 @@ log_server_accept(const struct sudoers_context *ctx, struct eventlog *evlog)
     bool ret = false;
     debug_decl(log_server_accept, SUDOERS_DEBUG_PLUGIN);
 
-    if (client_closure->disabled)
-	debug_return_bool(false);
-
     if (SLIST_EMPTY(&def_log_servers))
 	debug_return_bool(true);
 
@@ -264,11 +261,6 @@ log_server_accept(const struct sudoers_context *ctx, struct eventlog *evlog)
 	    debug_return_bool(true);
     }
 
-    if (sudo_gettime_awake(&start_time) == -1) {
-	sudo_warn("%s", U_("unable to get time of day"));
-	goto done;
-    }
-
     if (client_closure != NULL) {
 	/* Use existing client closure. */
 	if (fmt_accept_message(client_closure, evlog)) {
@@ -282,6 +274,11 @@ log_server_accept(const struct sudoers_context *ctx, struct eventlog *evlog)
     } else {
 	struct log_details audit_details;
 
+	if (sudo_gettime_awake(&start_time) == -1) {
+	    sudo_warn("%s", U_("unable to get time of day"));
+	    goto done;
+	}
+
 	if (!init_log_details(&audit_details, evlog))
 	    goto done;
 
@@ -308,7 +305,7 @@ log_server_exit(int status_type, int status)
      * I/O log plugin clears client_closure on close so we don't log
      * the exit status twice.
      */
-    if (client_closure != NULL && !client_closure->disabled) {
+    if (client_closure != NULL) {
 	int exit_status = 0, error = 0;
 
 	if (status_type == SUDO_PLUGIN_WAIT_STATUS) {

plugins/sudoers/iolog.c

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2009-2022 Todd C. Miller <[email protected]>
+ * Copyright (c) 2009-2023, 2025 Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -1012,9 +1012,6 @@ sudoers_io_log_remote(int event, const char *buf, unsigned int len,
     int type, ret = -1;
     debug_decl(sudoers_io_log_remote, SUDOERS_DEBUG_PLUGIN);
 
-    if (client_closure->disabled)
-	debug_return_int(1);
-
     /* Track elapsed time for comparison with commit points. */
     sudo_timespecadd(delay, &client_closure->elapsed, &client_closure->elapsed);
 
@@ -1166,9 +1163,6 @@ sudoers_io_change_winsize_remote(unsigned int lines, unsigned int cols,
     int ret = -1;
     debug_decl(sudoers_io_change_winsize_remote, SUDOERS_DEBUG_PLUGIN);
 
-    if (client_closure->disabled)
-	debug_return_int(1);
-
     /* Track elapsed time for comparison with commit points. */
     sudo_timespecadd(delay, &client_closure->elapsed, &client_closure->elapsed);
 
@@ -1265,9 +1259,6 @@ sudoers_io_suspend_remote(const char *signame, struct timespec *delay,
     int ret = -1;
     debug_decl(sudoers_io_suspend_remote, SUDOERS_DEBUG_PLUGIN);
 
-    if (client_closure->disabled)
-	debug_return_int(1);
-
     /* Track elapsed time for comparison with commit points. */
     sudo_timespecadd(delay, &client_closure->elapsed, &client_closure->elapsed);
 

plugins/sudoers/log_client.c

@@ -808,6 +808,9 @@ fmt_client_hello(struct client_closure *closure)
     bool ret = false;
     debug_decl(fmt_client_hello, SUDOERS_DEBUG_UTIL);
 
+    if (closure->state != RECV_HELLO)
+	goto done;
+
     sudo_debug_printf(SUDO_DEBUG_INFO, "%s: sending ClientHello", __func__);
 
     /* Client name + version */
@@ -818,6 +821,7 @@ fmt_client_hello(struct client_closure *closure)
     client_msg.type_case = CLIENT_MESSAGE__TYPE_HELLO_MSG;
     ret = fmt_client_message(closure, &client_msg);
 
+done:
     debug_return_bool(ret);
 }
 
@@ -1001,6 +1005,9 @@ fmt_accept_message(struct client_closure *closure, const struct eventlog *evlog)
     bool ret = false;
     debug_decl(fmt_accept_message, SUDOERS_DEBUG_UTIL);
 
+    if (closure->state != SEND_ACCEPT && closure->state != SEND_IO)
+	goto done;
+
     /*
      * Fill in AcceptMessage and add it to ClientMessage.
      */
@@ -1050,6 +1057,9 @@ fmt_reject_message(struct client_closure *closure, const struct eventlog *evlog)
     bool ret = false;
     debug_decl(fmt_reject_message, SUDOERS_DEBUG_UTIL);
 
+    if (closure->state != SEND_REJECT && closure->state != SEND_IO)
+	goto done;
+
     /*
      * Fill in RejectMessage and add it to ClientMessage.
      */
@@ -1099,6 +1109,10 @@ fmt_alert_message(struct client_closure *closure, const struct eventlog *evlog)
     bool ret = false;
     debug_decl(fmt_alert_message, SUDOERS_DEBUG_UTIL);
 
+    /* Alerts can happen at any time. */
+    if (closure->state == ERROR)
+	goto done;
+
     /*
      * Fill in AlertMessage and add it to ClientMessage.
      */
@@ -1193,6 +1207,9 @@ fmt_restart_message(struct client_closure *closure)
     bool ret = false;
     debug_decl(fmt_restart_message, SUDOERS_DEBUG_UTIL);
 
+    if (closure->state != SEND_RESTART)
+	goto done;
+
     sudo_debug_printf(SUDO_DEBUG_INFO,
 	"%s: sending RestartMessage, [%lld, %ld]", __func__,
 	(long long)closure->restart->tv_sec, closure->restart->tv_nsec);
@@ -1227,6 +1244,9 @@ fmt_exit_message(struct client_closure *closure, int exit_status, int error)
     struct timespec run_time;
     debug_decl(fmt_exit_message, SUDOERS_DEBUG_UTIL);
 
+    if (closure->state != SEND_IO)
+	goto done;
+
     if (sudo_gettime_awake(&run_time) == -1) {
 	sudo_warn("%s", U_("unable to get time of day"));
 	goto done;
@@ -1304,6 +1324,9 @@ fmt_io_buf(struct client_closure *closure, int type, const char *buf,
     bool ret = false;
     debug_decl(fmt_io_buf, SUDOERS_DEBUG_UTIL);
 
+    if (closure->state != SEND_IO)
+	goto done;
+
     /* Fill in IoBuffer. */
     ts.tv_sec = (int64_t)delay->tv_sec;
     ts.tv_nsec = (int32_t)delay->tv_nsec;
@@ -1342,6 +1365,10 @@ fmt_winsize(struct client_closure *closure, unsigned int lines,
     bool ret = false;
     debug_decl(fmt_winsize, SUDOERS_DEBUG_UTIL);
 
+    if (closure->state != SEND_IO)
+	goto done;
+
+
     /* Fill in ChangeWindowSize message. */
     ts.tv_sec = (int64_t)delay->tv_sec;
     ts.tv_nsec = (int32_t)delay->tv_nsec;
@@ -1379,6 +1406,9 @@ fmt_suspend(struct client_closure *closure, const char *signame,
     bool ret = false;
     debug_decl(fmt_suspend, SUDOERS_DEBUG_UTIL);
 
+    if (closure->state != SEND_IO)
+	goto done;
+
     /* Fill in CommandSuspend message. */
     ts.tv_sec = (int64_t)delay->tv_sec;
     ts.tv_nsec = (int32_t)delay->tv_nsec;
@@ -1889,7 +1919,7 @@ server_msg_cb(int fd, int what, void *v)
     }
     /* Disable further log server operations. */
     client_closure_free_contents(closure);
-    closure->disabled = true;
+    closure->state = ERROR;
     debug_return;
 }
 
@@ -2009,7 +2039,7 @@ client_msg_cb(int fd, int what, void *v)
     }
     /* Disable further log server operations. */
     client_closure_free_contents(closure);
-    closure->disabled = true;
+    closure->state = ERROR;
     debug_return;
 }
 
@@ -2108,9 +2138,6 @@ log_server_close(struct client_closure *closure, int exit_status, int error)
     bool ret = false;
     debug_decl(log_server_close, SUDOERS_DEBUG_UTIL);
 
-    if (closure->disabled)
-	goto done;
-
     /* Format and append an ExitMessage to the write queue. */
     if (!fmt_exit_message(closure, exit_status, error))
 	goto done;

plugins/sudoers/log_client.h

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: ISC
  *
- * Copyright (c) 2019-2020 Todd C. Miller <[email protected]>
+ * Copyright (c) 2019-2023, 2025 Todd C. Miller <[email protected]>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -77,7 +77,6 @@ struct client_closure {
     bool read_instead_of_write;
     bool write_instead_of_read;
     bool temporary_write_event;
-    bool disabled;
     bool log_io;
     char *server_name;
 #if defined(HAVE_STRUCT_IN6_ADDR)

plugins/sudoers/logging.c

@@ -128,9 +128,6 @@ log_server_reject(const struct sudoers_context *ctx, struct eventlog *evlog,
     bool ret = false;
     debug_decl(log_server_reject, SUDOERS_DEBUG_LOGGING);
 
-    if (client_closure->disabled)
-       debug_return_bool(false);
-
     if (SLIST_EMPTY(&def_log_servers))
 	debug_return_bool(true);
 
@@ -180,9 +177,6 @@ log_server_alert(const struct sudoers_context *ctx, struct eventlog *evlog,
     bool ret = false;
     debug_decl(log_server_alert, SUDOERS_DEBUG_LOGGING);
 
-    if (client_closure->disabled)
-       debug_return_bool(false);
-
     if (SLIST_EMPTY(&def_log_servers))
 	debug_return_bool(true);