authorMichael Biebl <biebl@debian.org>2008-03-29 12:14:56 +0100
committerMichael Biebl <biebl@debian.org>2008-03-29 12:14:56 +0100
commitf8519389c53605a2f1b3c7d74a8c500c2d10e14a (patch)
tree7fef18003038739c35bfdf5d80cdffa78d59c864
parent5936445a4ce43904be8eee1282e4db208de4bc7e (diff)
Imported Debian patch 1.21.2-1debian/1.21.2-1
-rw-r--r--ChangeLog13
-rw-r--r--Makefile.am5
-rw-r--r--Makefile.in9
-rwxr-xr-xconfigure90
-rw-r--r--configure.ac5
-rw-r--r--debian/changelog6
-rw-r--r--doc/status.html8
-rw-r--r--gss-misc.c2
-rw-r--r--gss-misc.h2
-rw-r--r--net.h13
-rw-r--r--omfwd.c642
-rw-r--r--plugins/omgssapi/Makefile.am6
-rw-r--r--plugins/omgssapi/Makefile.in487
-rw-r--r--plugins/omgssapi/omgssapi.c771
-rw-r--r--rsyslog.h4
-rw-r--r--syslogd.c13
-rw-r--r--tcpsyslog.c280
-rw-r--r--tcpsyslog.h8
18 files changed, 1730 insertions, 634 deletions
diff --git a/ChangeLog b/ChangeLog
index 4032842..e36aabb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,17 @@
---------------------------------------------------------------------------
+Version 1.21.2 (rgerhards), 2007-12-28
+- created a gss-api output module. This keeps GSS-API code and
+ TCP/UDP code separated. It is also important for forward-
+ compatibility with v3. Please note that this change breaks compatibility
+ with config files created for 1.21.0 and 1.21.1 - this was considered
+ acceptable.
+- fixed an error in forwarding retry code (could lead to message corruption
+ but surfaced very seldom)
+- increased portability for older platforms (AI_NUMERICSERV moved)
+- removed socket leak in omfwd.c
+- cross-platform patch for GSS-API compile problem on some platforms
+ thanks to darix for the patch!
+---------------------------------------------------------------------------
Version 1.21.1 (rgerhards), 2007-12-23
- small doc fix for $IncludeConfig
- fixed a bug in llDestroy()
diff --git a/Makefile.am b/Makefile.am
index 1e6cf5a..6c1b24b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -83,6 +83,11 @@ EXTRA_DIST = \
SUBDIRS = doc
+
+if ENABLE_GSSAPI
+SUBDIRS += plugins/omgssapi
+endif
+
if ENABLE_MYSQL
SUBDIRS += plugins/ommysql
endif
diff --git a/Makefile.in b/Makefile.in
index 6889fb7..20c68fa 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -33,8 +33,9 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
sbin_PROGRAMS = rklogd$(EXEEXT) rfc3195d$(EXEEXT) rsyslogd$(EXEEXT)
-@ENABLE_MYSQL_TRUE@am__append_1 = plugins/ommysql
-@ENABLE_PGSQL_TRUE@am__append_2 = plugins/ompgsql
+@ENABLE_GSSAPI_TRUE@am__append_1 = plugins/omgssapi
+@ENABLE_MYSQL_TRUE@am__append_2 = plugins/ommysql
+@ENABLE_PGSQL_TRUE@am__append_3 = plugins/ompgsql
subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(srcdir)/config.h.in \
@@ -112,7 +113,7 @@ RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = doc plugins/ommysql plugins/ompgsql
+DIST_SUBDIRS = doc plugins/omgssapi plugins/ommysql plugins/ompgsql
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -320,7 +321,7 @@ EXTRA_DIST = \
contrib/README \
$(man_MANS)
-SUBDIRS = doc $(am__append_1) $(am__append_2)
+SUBDIRS = doc $(am__append_1) $(am__append_2) $(am__append_3)
all: config.h
$(MAKE) $(AM_MAKEFLAGS) all-recursive
diff --git a/configure b/configure
index 97a09f0..fad46d1 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for rsyslog 1.21.1.
+# Generated by GNU Autoconf 2.61 for rsyslog 1.21.2.
#
# Report bugs to <rsyslog@lists.adiscon.com.>.
#
@@ -728,8 +728,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='rsyslog'
PACKAGE_TARNAME='rsyslog'
-PACKAGE_VERSION='1.21.1'
-PACKAGE_STRING='rsyslog 1.21.1'
+PACKAGE_VERSION='1.21.2'
+PACKAGE_STRING='rsyslog 1.21.2'
PACKAGE_BUGREPORT='rsyslog@lists.adiscon.com.'
ac_unique_file="syslogd.c"
@@ -876,6 +876,8 @@ dl_libs
LIBOBJS
zlib_libs
gss_libs
+ENABLE_GSSAPI_TRUE
+ENABLE_GSSAPI_FALSE
pthreads_libs
pthreads_cflags
HAVE_MYSQL_CONFIG
@@ -1407,7 +1409,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures rsyslog 1.21.1 to adapt to many kinds of systems.
+\`configure' configures rsyslog 1.21.2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1477,7 +1479,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of rsyslog 1.21.1:";;
+ short | recursive ) echo "Configuration of rsyslog 1.21.2:";;
esac
cat <<\_ACEOF
@@ -1591,7 +1593,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-rsyslog configure 1.21.1
+rsyslog configure 1.21.2
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1605,7 +1607,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by rsyslog $as_me 1.21.1, which was
+It was created by rsyslog $as_me 1.21.2, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2295,7 +2297,7 @@ fi
# Define the identity of the package.
PACKAGE='rsyslog'
- VERSION='1.21.1'
+ VERSION='1.21.2'
cat >>confdefs.h <<_ACEOF
@@ -4480,7 +4482,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 4483 "configure"' > conftest.$ac_ext
+ echo '#line 4485 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -7223,11 +7225,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7226: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7228: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7230: \$? = $ac_status" >&5
+ echo "$as_me:7232: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -7513,11 +7515,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7516: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7518: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7520: \$? = $ac_status" >&5
+ echo "$as_me:7522: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -7617,11 +7619,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7620: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7622: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7624: \$? = $ac_status" >&5
+ echo "$as_me:7626: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -9968,7 +9970,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9971 "configure"
+#line 9973 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -10068,7 +10070,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 10071 "configure"
+#line 10073 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -12488,11 +12490,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:12491: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:12493: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:12495: \$? = $ac_status" >&5
+ echo "$as_me:12497: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -12592,11 +12594,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:12595: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:12597: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:12599: \$? = $ac_status" >&5
+ echo "$as_me:12601: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -14156,11 +14158,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14159: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:14161: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:14163: \$? = $ac_status" >&5
+ echo "$as_me:14165: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -14260,11 +14262,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14263: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:14265: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:14267: \$? = $ac_status" >&5
+ echo "$as_me:14269: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -16449,11 +16451,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16452: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16454: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16456: \$? = $ac_status" >&5
+ echo "$as_me:16458: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16739,11 +16741,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16742: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16744: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16746: \$? = $ac_status" >&5
+ echo "$as_me:16748: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16843,11 +16845,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16846: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16848: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:16850: \$? = $ac_status" >&5
+ echo "$as_me:16852: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -23704,6 +23706,14 @@ fi
fi
fi
+ if test x$want_gssapi_krb5 = xyes; then
+ ENABLE_GSSAPI_TRUE=
+ ENABLE_GSSAPI_FALSE='#'
+else
+ ENABLE_GSSAPI_TRUE='#'
+ ENABLE_GSSAPI_FALSE=
+fi
+
# multithreading via pthreads
# Check whether --enable-pthreads was given.
@@ -24547,7 +24557,7 @@ fi
-ac_config_files="$ac_config_files Makefile doc/Makefile plugins/ommysql/Makefile plugins/ompgsql/Makefile"
+ac_config_files="$ac_config_files Makefile doc/Makefile plugins/omgssapi/Makefile plugins/ommysql/Makefile plugins/ompgsql/Makefile"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -24666,6 +24676,13 @@ echo "$as_me: error: conditional \"am__fastdepCXX\" was never defined.
Usually this means the macro was only invoked conditionally." >&2;}
{ (exit 1); exit 1; }; }
fi
+if test -z "${ENABLE_GSSAPI_TRUE}" && test -z "${ENABLE_GSSAPI_FALSE}"; then
+ { { echo "$as_me:$LINENO: error: conditional \"ENABLE_GSSAPI\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"ENABLE_GSSAPI\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+ { (exit 1); exit 1; }; }
+fi
if test -z "${ENABLE_MYSQL_TRUE}" && test -z "${ENABLE_MYSQL_FALSE}"; then
{ { echo "$as_me:$LINENO: error: conditional \"ENABLE_MYSQL\" was never defined.
Usually this means the macro was only invoked conditionally." >&5
@@ -24980,7 +24997,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by rsyslog $as_me 1.21.1, which was
+This file was extended by rsyslog $as_me 1.21.2, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -25033,7 +25050,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-rsyslog config.status 1.21.1
+rsyslog config.status 1.21.2
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
@@ -25151,6 +25168,7 @@ do
"depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+ "plugins/omgssapi/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/omgssapi/Makefile" ;;
"plugins/ommysql/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/ommysql/Makefile" ;;
"plugins/ompgsql/Makefile") CONFIG_FILES="$CONFIG_FILES plugins/ompgsql/Makefile" ;;
@@ -25363,6 +25381,8 @@ dl_libs!$dl_libs$ac_delim
LIBOBJS!$LIBOBJS$ac_delim
zlib_libs!$zlib_libs$ac_delim
gss_libs!$gss_libs$ac_delim
+ENABLE_GSSAPI_TRUE!$ENABLE_GSSAPI_TRUE$ac_delim
+ENABLE_GSSAPI_FALSE!$ENABLE_GSSAPI_FALSE$ac_delim
pthreads_libs!$pthreads_libs$ac_delim
pthreads_cflags!$pthreads_cflags$ac_delim
HAVE_MYSQL_CONFIG!$HAVE_MYSQL_CONFIG$ac_delim
@@ -25378,7 +25398,7 @@ pgsql_libs!$pgsql_libs$ac_delim
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 23; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 25; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
diff --git a/configure.ac b/configure.ac
index 21e883d..03e285a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
-AC_INIT([rsyslog],[1.21.1],[rsyslog@lists.adiscon.com.])
+AC_INIT([rsyslog],[1.21.2],[rsyslog@lists.adiscon.com.])
AM_INIT_AUTOMAKE
AC_CONFIG_SRCDIR([syslogd.c])
AC_CONFIG_HEADERS([config.h])
@@ -154,6 +154,7 @@ if test $want_gssapi_krb5 = yes; then
])
])
fi
+AM_CONDITIONAL(ENABLE_GSSAPI, test x$want_gssapi_krb5 = xyes)
# multithreading via pthreads
AC_ARG_ENABLE(pthreads,
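Review bot: The added `AM_CONDITIONAL` line expands `$want_gssapi_krb5` unquoted inside `test` and passes both macro arguments without m4 quoting, whereas the `AC_INIT` line in this file quotes its arguments. Writing it as `AM_CONDITIONAL([ENABLE_GSSAPI], [test "x$want_gssapi_krb5" = xyes])` keeps the test well-formed if the variable is ever empty or holds whitespace, and matches the file's quoting style. The `if test $want_gssapi_krb5 = yes` block this follows begins outside the hunk, so I cannot tell whether the variable is always set before this point.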
@@ -345,7 +346,7 @@ AC_SUBST(pgsql_libs)
-AC_CONFIG_FILES([Makefile doc/Makefile plugins/ommysql/Makefile plugins/ompgsql/Makefile])
+AC_CONFIG_FILES([Makefile doc/Makefile plugins/omgssapi/Makefile plugins/ommysql/Makefile plugins/ompgsql/Makefile])
AC_OUTPUT
echo "****************************************************"
diff --git a/debian/changelog b/debian/changelog
index 0ce46ee..e76fe1f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+rsyslog (1.21.2-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 30 Dec 2007 02:11:58 +0100
+
rsyslog (1.21.1-1) unstable; urgency=low
* New upstream release.
diff --git a/doc/status.html b/doc/status.html
index f950d68..8a4f155 100644
--- a/doc/status.html
+++ b/doc/status.html
@@ -4,11 +4,11 @@
</head>
<body>
<h2>rsyslog status page</h2>
-<p>This page reflects the status as of 2007-12-23.</p>
+<p>This page reflects the status as of 2007-12-28.</p>
<h2>Current Releases</h2>
-<p><b>development:</b> 1.21.1 -
-<a href="http://www.rsyslog.com/Article151.phtml">change log</a> -
-<a href="http://www.rsyslog.com/Downloads-index-req-getit-lid-68.phtml">download</a></p>
+<p><b>development:</b> 1.21.2 -
+<a href="http://www.rsyslog.com/Article153.phtml">change log</a> -
+<a href="http://www.rsyslog.com/Downloads-index-req-getit-lid-69.phtml">download</a></p>
<p><b>stable:</b> 1.0.5 - <a href="http://www.rsyslog.com/Article85.phtml">change log</a> -
<a href="http://www.rsyslog.com/Downloads-index-req-getit-lid-39.phtml">download</a></p>
<p>&nbsp;(<a href="version_naming.html">How are versions named?</a>)</p>
diff --git a/gss-misc.c b/gss-misc.c
index 7a09b1b..9364252 100644
--- a/gss-misc.c
+++ b/gss-misc.c
@@ -19,7 +19,7 @@
#else
#include <fcntl.h>
#endif
-#include <gssapi.h>
+#include <gssapi/gssapi.h>
#include "syslogd.h"
#include "syslogd-types.h"
#include "srUtils.h"
diff --git a/gss-misc.h b/gss-misc.h
index 9c879d1..caf19ef 100644
--- a/gss-misc.h
+++ b/gss-misc.h
@@ -1,7 +1,7 @@
#ifndef GSS_MISC_H_INCLUDED
#define GSS_MISC_H_INCLUDED 1
-#include <gssapi.h>
+#include <gssapi/gssapi.h>
int recv_token(int s, gss_buffer_t tok);
int send_token(int s, gss_buffer_t tok);
diff --git a/net.h b/net.h
index 1164e33..8eab919 100644
--- a/net.h
+++ b/net.h
@@ -71,5 +71,18 @@ static inline size_t SALEN(struct sockaddr *sa) {
rsRetVal cvthname(struct sockaddr_storage *f, uchar *pszHost, uchar *pszHostFQDN);
+/* IPv6 compatibility layer for older platforms
+ * We need to handle a few things different if we are running
+ * on an older platform which does not support all the glory
+ * of IPv6. We try to limit toll on features and reliability,
+ * but obviously it is better to run rsyslog on a platform that
+ * supports everything...
+ * rgerhards, 2007-06-22
+ */
+#ifndef AI_NUMERICSERV
+# define AI_NUMERICSERV 0
+#endif
+
+
#endif /* #ifdef SYSLOG_INET */
#endif /* #ifndef INCLUDED_NET_H */
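Review bot: The fallback `# define AI_NUMERICSERV 0` changes behaviour on platforms that lack the flag, and the comment does not say how. With the flag absent from `ai_flags`, getaddrinfo() also resolves service names, so on those platforms a port string taken from the configuration is no longer forced to be numeric. I would add that to the comment, e.g. `/* NOTE: with the 0 fallback getaddrinfo() also accepts service names; callers must not rely on it to reject non-numeric ports */`. The comment is dated 2007-06-22, before this release, so it was presumably moved from another file; naming that file would help the next reader.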
diff --git a/omfwd.c b/omfwd.c
index d773b23..f01e045 100644
--- a/omfwd.c
+++ b/omfwd.c
@@ -51,9 +51,6 @@
#else
#include <fcntl.h>
#endif
-#ifdef USE_GSSAPI
-#include <gssapi.h>
-#endif
#include "syslogd.h"
#include "syslogd-types.h"
#include "srUtils.h"
@@ -64,9 +61,6 @@
#include "tcpsyslog.h"
#include "cfsysline.h"
#include "module-template.h"
-#ifdef USE_GSSAPI
-#include "gss-misc.h"
-#endif
#ifdef SYSLOG_INET
#define INET_SUSPEND_TIME 60 /* equal to 1 minute
@@ -117,21 +111,8 @@ typedef struct _instanceData {
# ifdef USE_PTHREADS
pthread_mutex_t mtxTCPSend;
# endif
-# ifdef USE_GSSAPI
- gss_ctx_id_t gss_context;
- OM_uint32 gss_flags;
-# endif
} instanceData;
-#ifdef USE_GSSAPI
-static char *gss_base_service_name = NULL;
-static enum gss_mode_t {
- GSSMODE_NONE,
- GSSMODE_MIC,
- GSSMODE_ENC
-} gss_mode;
-#endif
-
BEGINcreateInstance
CODESTARTcreateInstance
@@ -163,24 +144,9 @@ CODESTARTfreeInstance
pthread_mutex_destroy(&pData->mtxTCPSend);
}
# endif
-# ifdef USE_GSSAPI
- if (gss_mode != GSSMODE_NONE) {
- OM_uint32 maj_stat, min_stat;
-
- if (pData->gss_context != GSS_C_NO_CONTEXT) {
- maj_stat = gss_delete_sec_context(&min_stat, &pData->gss_context, GSS_C_NO_BUFFER);
- if (maj_stat != GSS_S_COMPLETE)
- display_status("deleting context", maj_stat, min_stat);
- }
- }
- /* this is meant to be done when module is unloaded,
- but since this module is static...
- */
- if (gss_base_service_name != NULL) {
- free(gss_base_service_name);
- gss_base_service_name = NULL;
- }
-# endif
+ /* final cleanup */
+ if(pData->sock >= 0)
+ close(pData->sock);
ENDfreeInstance
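Review bot: The new cleanup closes `pData->sock` whenever it is `>= 0`, which includes descriptor 0. If createInstance (outside this hunk) hands out a zero-filled instance and no connection was ever opened, `sock` is still 0 and this closes whatever the process has on fd 0. The TCPSend code removed later in this commit treated `pData->sock <= 0` as "not open", so the two conventions disagree. I would set `pData->sock = -1` when the instance is created and keep the `>= 0` test here, so that "no socket" has a single representation. The freeInstance body begins above the hunk, so the initial value of `sock` cannot be confirmed from these lines.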
@@ -191,7 +157,7 @@ ENDdbgPrintInstInfo
/* CODE FOR SENDING TCP MESSAGES */
-/* get send status
+/* set send status
* rgerhards, 2005-10-24
*/
static void TCPSendSetStatus(instanceData *pData, enum TCPSendStatus iNewState)
@@ -213,7 +179,7 @@ static void TCPSendSetStatus(instanceData *pData, enum TCPSendStatus iNewState)
}
-/* set send status
+/* get send status
* rgerhards, 2005-10-24
*/
static enum TCPSendStatus TCPSendGetStatus(instanceData *pData)
@@ -235,519 +201,92 @@ static enum TCPSendStatus TCPSendGetStatus(instanceData *pData)
}
-/* Initialize TCP sockets (for sender)
- * This is done once per selector line, if not yet initialized.
+/* get the syslog forward port from selector_t. The passed in
+ * struct must be one that is setup for forwarding.
+ * rgerhards, 2007-06-28
+ * We may change the implementation to try to lookup the port
+ * if it is unspecified. So far, we use the IANA default auf 514.
*/
-static int TCPSendCreateSocket(instanceData *pData, struct addrinfo *addrDest)
+static char *getFwdSyslogPt(instanceData *pData)
{
- int fd;
- struct addrinfo *r;
-
assert(pData != NULL);
-
- r = addrDest;
-
- while(r != NULL) {
- fd = socket(r->ai_family, r->ai_socktype, r->ai_protocol);
- if (fd != -1) {
- /* We can not allow the TCP sender to block syslogd, at least
- * not in a single-threaded design. That would cause rsyslogd to
- * loose input messages - which obviously also would affect
- * other selector lines, too. So we do set it to non-blocking and
- * handle the situation ourselfs (by discarding messages). IF we run
- * dual-threaded, however, the situation is different: in this case,
- * the receivers and the selector line processing are only loosely
- * coupled via a memory buffer. Now, I think, we can afford the extra
- * wait time. Thus, we enable blocking mode for TCP if we compile with
- * pthreads.
- * rgerhards, 2005-10-25
- */
-# ifndef USE_PTHREADS
- /* set to nonblocking - rgerhards 2005-07-20 */
- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK);
-# endif
- if (connect (fd, r->ai_addr, r->ai_addrlen) != 0) {
- if(errno == EINPROGRESS) {
- /* this is normal - will complete during select */
- TCPSendSetStatus(pData, TCP_SEND_CONNECTING);
- return fd;
- } else {
- char errStr[1024];
- dbgprintf("create tcp connection failed, reason %s",
- strerror_r(errno, errStr, sizeof(errStr)));
- }
-
- }
- else {
- TCPSendSetStatus(pData, TCP_SEND_READY);
- return fd;
- }
- close(fd);
- }
- else {
- char errStr[1024];
- dbgprintf("couldn't create send socket, reason %s", strerror_r(errno, errStr, sizeof(errStr)));
- }
- r = r->ai_next;
- }
-
- dbgprintf("no working socket could be obtained");
-
- return -1;
+ if(pData->port == NULL)
+ return("514");
+ else
+ return(pData->port);
}
-
-#ifdef USE_GSSAPI
-static int TCPSendGSSInit(instanceData *pData)
+/* Send a frame via plain TCP protocol
+ * rgerhards, 2007-12-28
+ */
+static rsRetVal TCPSendFrame(void *pvData, char *msg, size_t len)
{
- int s = -1;
- char *base;
- OM_uint32 maj_stat, min_stat, init_sec_min_stat, *sess_flags, ret_flags;
- gss_buffer_desc out_tok, in_tok;
- gss_buffer_t tok_ptr;
- gss_name_t target_name;
- gss_ctx_id_t *context;
-
- assert(pData != NULL);
-
- base = (gss_base_service_name == NULL) ? "host" : gss_base_service_name;
- out_tok.length = strlen(pData->f_hname) + strlen(base) + 2;
- if ((out_tok.value = malloc(out_tok.length)) == NULL)
- return -1;
- strcpy(out_tok.value, base);
- strcat(out_tok.value, "@");
- strcat(out_tok.value, pData->f_hname);
- dbgprintf("GSS-API service name: %s\n", out_tok.value);
-
- tok_ptr = GSS_C_NO_BUFFER;
- context = &pData->gss_context;
- *context = GSS_C_NO_CONTEXT;
-
- maj_stat = gss_import_name(&min_stat, &out_tok, GSS_C_NT_HOSTBASED_SERVICE, &target_name);
- free(out_tok.value);
- out_tok.value = NULL;
- out_tok.length = 0;
-
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("parsing name", maj_stat, min_stat);
- goto fail;
- }
-
- sess_flags = &pData->gss_flags;
- *sess_flags = GSS_C_MUTUAL_FLAG;
- if (gss_mode == GSSMODE_MIC) {
- *sess_flags |= GSS_C_INTEG_FLAG;
- }
- if (gss_mode == GSSMODE_ENC) {
- *sess_flags |= GSS_C_CONF_FLAG;
- }
- dbgprintf("GSS-API requested context flags:\n");
- display_ctx_flags(*sess_flags);
-
- do {
- maj_stat = gss_init_sec_context(&init_sec_min_stat, GSS_C_NO_CREDENTIAL, context,
- target_name, GSS_C_NO_OID, *sess_flags, 0, NULL,
- tok_ptr, NULL, &out_tok, &ret_flags, NULL);
- if (tok_ptr != GSS_C_NO_BUFFER)
- free(in_tok.value);
-
- if (maj_stat != GSS_S_COMPLETE
- && maj_stat != GSS_S_CONTINUE_NEEDED) {
- display_status("initializing context", maj_stat, init_sec_min_stat);
- goto fail;
- }
-
- if (s == -1)
- if ((s = pData->sock = TCPSendCreateSocket(pData, pData->f_addr)) == -1)
- goto fail;
-
- if (out_tok.length != 0) {
- dbgprintf("GSS-API Sending init_sec_context token (length: %d)\n", out_tok.length);
- if (send_token(s, &out_tok) < 0) {
- goto fail;
- }
- }
- gss_release_buffer(&min_stat, &out_tok);
-
- if (maj_stat == GSS_S_CONTINUE_NEEDED) {
- dbgprintf("GSS-API Continue needed...\n");
- if (recv_token(s, &in_tok) <= 0) {
- goto fail;
- }
- tok_ptr = &in_tok;
+ DEFiRet;
+ ssize_t lenSend;
+ instanceData *pData = (instanceData *) pvData;
+
+ lenSend = send(pData->sock, msg, len, 0);
+ dbgprintf("TCP sent %ld bytes, requested %ld\n", (long) lenSend, (long) len);
+
+ if(lenSend == -1) {
+ /* we have an error case - check what we can live with */
+ switch(errno) {
+ case EMSGSIZE:
+ dbgprintf("message not (tcp)send, too large\n");
+ /* This is not a real error, so it is not flagged as one */
+ break;
+ default:
+ dbgprintf("message not (tcp)send");
+ iRet = RS_RET_TCP_SEND_ERROR;
+ break;
}
- } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
- dbgprintf("GSS-API Provided context flags:\n");
- *sess_flags = ret_flags;
- display_ctx_flags(*sess_flags);
-
- dbgprintf("GSS-API Context initialized\n");
- gss_release_name(&min_stat, &target_name);
-
- return 0;
-
- fail:
- logerror("GSS-API Context initialization failed\n");
- gss_release_name(&min_stat, &target_name);
- gss_release_buffer(&min_stat, &out_tok);
- if (*context != GSS_C_NO_CONTEXT) {
- gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
- *context = GSS_C_NO_CONTEXT;
+ } else if(lenSend != (ssize_t) len) {
+ /* no real error, could "just" not send everything...
+ * For the time being, we ignore this...
+ * rgerhards, 2005-10-25
+ */
+ dbgprintf("message not completely (tcp)send, ignoring %ld\n", lenSend);
+ usleep(1000); /* experimental - might be benefitial in this situation */
+ /* TODO: we need to revisit this code -- rgerhards, 2007-12-28 */
}
- if (s != -1)
- close(s);
- pData->sock = -1;
- return -1;
+
+ return iRet;
}
-static int TCPSendGSSSend(instanceData *pData, char *msg, size_t len)
+/* This function is called immediately before a send retry is attempted.
+ * It shall clean up whatever makes sense.
+ * rgerhards, 2007-12-28
+ */
+static rsRetVal TCPSendPrepRetry(void *pvData)
{
- int s;
- gss_ctx_id_t *context;
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc in_buf, out_buf;
+ instanceData *pData = (instanceData *) pvData;
assert(pData != NULL);
- assert(msg != NULL);
- assert(len > 0);
-
- s = pData->sock;
- context = &pData->gss_context;
- in_buf.value = msg;
- in_buf.length = len;
- maj_stat = gss_wrap(&min_stat, *context, (gss_mode == GSSMODE_ENC) ? 1 : 0, GSS_C_QOP_DEFAULT,
- &in_buf, NULL, &out_buf);
- if (maj_stat != GSS_S_COMPLETE) {
- display_status("wrapping message", maj_stat, min_stat);
- goto fail;
- }
-
- if (send_token(s, &out_buf) < 0) {
- goto fail;
- }
- gss_release_buffer(&min_stat, &out_buf);
-
- return 0;
-
- fail:
- close(s);
+ close(pData->sock);
pData->sock = -1;
- TCPSendSetStatus(pData, TCP_SEND_NOTCONNECTED);
- gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
- *context = GSS_C_NO_CONTEXT;
- gss_release_buffer(&min_stat, &out_buf);
- return -1;
+ return RS_RET_OK;
}
-#endif /* #ifdef USE_GSSAPI */
-/* Sends a TCP message. It is first checked if the
- * session is open and, if not, it is opened. Then the send
- * is tried. If it fails, one silent re-try is made. If the send
- * fails again, an error status (-1) is returned. If all goes well,
- * 0 is returned. The TCP session is NOT torn down.
- * For now, EAGAIN is ignored (causing message loss) - but it is
- * hard to do something intelligent in this case. With this
- * implementation here, we can not block and/or defer. Things are
- * probably a bit better when we move to liblogging. The alternative
- * would be to enhance the current select server with buffering and
- * write descriptors. This seems not justified, given the expected
- * short life span of this code (and the unlikeliness of this event).
- * rgerhards 2005-07-06
- * This function is now expected to stay. Libloging won't be used for
- * that purpose. I have added the param "len", because it is known by the
- * caller and so safes us some time. Also, it MUST be given because there
- * may be NULs inside msg so that we can not rely on strlen(). Please note
- * that the restrictions outlined above do not existin in multi-threaded
- * mode, which we assume will now be most often used. So there is no
- * real issue with the potential message loss in single-threaded builds.
- * rgerhards, 2006-11-30
- *
- * In order to support compressed messages via TCP, we must support an
- * octet-counting based framing (LF may be part of the compressed message).
- * We are now supporting the same mode that is available in IETF I-D
- * syslog-transport-tls-05 (current at the time of this writing). This also
- * eases things when we go ahead and implement that framing. I have now made
- * available two cases where this framing is used: either by explitely
- * specifying it in the config file or implicitely when sending a compressed
- * message. In the later case, compressed and uncompressed messages within
- * the same session have different framings. If it is explicitely set to
- * octet-counting, only this framing mode is used within the session.
- * rgerhards, 2006-12-07
+/* initialies everything so that TCPSend can work.
+ * rgerhards, 2007-12-28
*/
-static int TCPSend(instanceData *pData, char *msg, size_t len)
+static rsRetVal TCPSendInit(void *pvData)
{
- int retry = 0;
- int done = 0;
- int bIsCompressed;
- int lenSend;
- char *buf = NULL; /* if this is non-NULL, it MUST be freed before return! */
- enum TCPSendStatus eState;
- TCPFRAMINGMODE framingToUse;
+ DEFiRet;
+ instanceData *pData = (instanceData *) pvData;
assert(pData != NULL);
- assert(msg != NULL);
- assert(len > 0);
-
- bIsCompressed = *msg == 'z'; /* cache this, so that we can modify the message buffer */
- /* select framing for this record. If we have a compressed record, we always need to
- * use octet counting because the data potentially contains all control characters
- * including LF.
- */
- framingToUse = bIsCompressed ? TCP_FRAMING_OCTET_COUNTING : pData->tcp_framing;
-
- do { /* try to send message */
- if(pData->sock <= 0) {
- /* we need to open the socket first */
-# ifdef USE_GSSAPI
- if(gss_mode != GSSMODE_NONE) {
- if(TCPSendGSSInit(pData) != 0)
- return -1;
- } else
-# endif
- if((pData->sock = TCPSendCreateSocket(pData, pData->f_addr)) <= 0)
- return -1;
- }
-
- eState = TCPSendGetStatus(pData); /* cache info */
-
- if(eState == TCP_SEND_CONNECTING) {
- /* In this case, we save the buffer. If we have a
- * system with few messages, that hopefully prevents
- * message loss at all. However, we make no further attempts,
- * just the first message is saved. So we only try this
- * if there is not yet a saved message present.
- * rgerhards 2005-07-20
- */
- if(pData->savedMsg == NULL) {
- pData->savedMsg = malloc(len * sizeof(char));
- if(pData->savedMsg == NULL)
- return 0; /* nothing we can do... */
- memcpy(pData->savedMsg, msg, len);
- pData->savedMsgLen = len;
- }
- return 0;
- } else if(eState != TCP_SEND_READY)
- /* This here is debatable. For the time being, we
- * accept the loss of a single message (e.g. during
- * connection setup in favour of not messing with
- * wait time and timeouts. The reason is that such
- * things might otherwise cost us considerable message
- * loss on the receiving side (even at a timeout set
- * to just 1 second). - rgerhards 2005-07-20
- */
- return 0;
-
- /* now check if we need to add a line terminator. We need to
- * copy the string in memory in this case, this is probably
- * quicker than using writev and definitely quicker than doing
- * two socket calls.
- * rgerhards 2005-07-22
- *//*
- * Some messages already contain a \n character at the end
- * of the message. We append one only if we there is not
- * already one. This seems the best fit, though this also
- * means the message does not arrive unaltered at the final
- * destination. But in the spirit of legacy syslog, this is
- * probably the best to do...
- * rgerhards 2005-07-20
- */
-
- /* Build frame based on selected framing */
- if(framingToUse == TCP_FRAMING_OCTET_STUFFING) {
- if((*(msg+len-1) != '\n')) {
- if(buf != NULL)
- free(buf);
- /* in the malloc below, we need to add 2 to the length. The
- * reason is that we a) add one character and b) len does
- * not take care of the '\0' byte. Up until today, it was just
- * +1 , which caused rsyslogd to sometimes dump core.
- * I have added this comment so that the logic is not accidently
- * changed again. rgerhards, 2005-10-25
- */
- if((buf = malloc((len + 2) * sizeof(char))) == NULL) {
- /* extreme mem shortage, try to solve
- * as good as we can. No point in calling
- * any alarms, they might as well run out
- * of memory (the risk is very high, so we
- * do NOT risk that). If we have a message of
- * more than 1 byte (what I guess), we simply
- * overwrite the last character.
- * rgerhards 2005-07-22
- */
- if(len > 1) {
- *(msg+len-1) = '\n';
- } else {
- /* we simply can not do anything in
- * this case (its an error anyhow...).
- */
- }
- } else {
- /* we got memory, so we can copy the message */
- memcpy(buf, msg, len); /* do not copy '\0' */
- *(buf+len) = '\n';
- *(buf+len+1) = '\0';
- msg = buf; /* use new one */
- ++len; /* care for the \n */
- }
- }
- } else {
- /* Octect-Counting
- * In this case, we need to always allocate a buffer. This is because
- * we need to put a header in front of the message text
- */
- char szLenBuf[16];
- int iLenBuf;
-
- /* important: the printf-mask is "%d<sp>" because there must be a
- * space after the len!
- *//* The chairs of the IETF syslog-sec WG have announced that it is
- * consensus to do the octet count on the SYSLOG-MSG part only. I am
- * now changing the code to reflect this. Hopefully, it will not change
- * once again (there can no compatibility layer programmed for this).
- * To be on the save side, I just comment the code out. I mark these
- * comments with "IETF20061218".
- * rgerhards, 2006-12-19
- */
- iLenBuf = snprintf(szLenBuf, sizeof(szLenBuf)/sizeof(char), "%d ", (int) len);
- /* IETF20061218 iLenBuf =
- snprintf(szLenBuf, sizeof(szLenBuf)/sizeof(char), "%d ", len + iLenBuf);*/
-
- if((buf = malloc((len + iLenBuf) * sizeof(char))) == NULL) {
- /* we are out of memory. This is an extreme situation. We do not
- * call any alarm handlers because they most likely run out of mem,
- * too. We are brave enough to call debug output, though. Other than
- * that, there is nothing left to do. We can not sent the message (as
- * in case of the other framing, because the message is incomplete.
- * We could, however, send two chunks (header and text separate), but
- * that would cause a lot of complexity in the code. So we think it
- * is appropriate enough to just make sure we do not crash in this
- * very unlikely case. For this, it is justified just to loose
- * the message. Rgerhards, 2006-12-07
- */
- dbgprintf("Error: out of memory when building TCP octet-counted "
- "frame. Message is lost, trying to continue.\n");
- return 0;
- }
-
- memcpy(buf, szLenBuf, iLenBuf); /* header */
- memcpy(buf + iLenBuf, msg, len); /* message */
- len += iLenBuf; /* new message size */
- msg = buf; /* set message buffer */
- }
-
- /* frame building complete, on to actual sending */
-# ifdef USE_GSSAPI
- if(gss_mode != GSSMODE_NONE) {
- if(TCPSendGSSSend(pData, msg, len) == 0) {
- if(buf != NULL) {
- free(buf);
- }
- return 0;
- } else {
- if(retry == 0) {
- ++retry;
- /* try to recover */
- continue;
- } else {
- if(buf != NULL)
- free(buf);
- dbgprintf("message not (tcp)send");
- return -1;
- }
- }
- } else {
-# endif
- lenSend = send(pData->sock, msg, len, 0);
- dbgprintf("TCP sent %d bytes, requested %d, msg: '%s'\n", lenSend, len,
- bIsCompressed ? "***compressed***" : msg);
- if((unsigned)lenSend == len) {
- /* all well */
- if(buf != NULL) {
- free(buf);
- }
- return 0;
- } else if(lenSend != -1) {
- /* no real error, could "just" not send everything...
- * For the time being, we ignore this...
- * rgerhards, 2005-10-25
- */
- dbgprintf("message not completely (tcp)send, ignoring %d\n", lenSend);
-# if USE_PTHREADS
- usleep(1000); /* experimental - might be benefitial in this situation */
-# endif
- if(buf != NULL)
- free(buf);
- return 0;
- }
-
- switch(errno) {
- case EMSGSIZE:
- dbgprintf("message not (tcp)send, too large\n");
- /* This is not a real error, so it is not flagged as one */
- if(buf != NULL)
- free(buf);
- return 0;
- break;
- case EINPROGRESS:
- case EAGAIN:
- dbgprintf("message not (tcp)send, would block\n");
-# if USE_PTHREADS
- usleep(1000); /* experimental - might be benefitial in this situation */
-# endif
- /* we loose this message, but that's better than loosing
- * all ;)
- */
- /* This is not a real error, so it is not flagged as one */
- if(buf != NULL)
- free(buf);
- return 0;
- break;
- default:
- dbgprintf("message not (tcp)send");
- break;
- }
-
- if(retry == 0) {
- ++retry;
- /* try to recover */
- close(pData->sock);
- TCPSendSetStatus(pData, TCP_SEND_NOTCONNECTED);
- pData->sock = -1;
- } else {
- if(buf != NULL)
- free(buf);
- return -1;
- }
-# ifdef USE_GSSAPI
- }
-# endif
- } while(!done); /* warning: do ... while() */
- /*NOT REACHED*/
+ if(pData->sock <= 0) {
+ if((pData->sock = TCPSendCreateSocket(pData->f_addr)) <= 0)
+ iRet = RS_RET_TCP_SOCKCREATE_ERR;
+ }
- if(buf != NULL)
- free(buf);
- return -1; /* only to avoid compiler warning! */
+ return iRet;
}
-/* get the syslog forward port from selector_t. The passed in
- * struct must be one that is setup for forwarding.
- * rgerhards, 2007-06-28
- * We may change the implementation to try to lookup the port
- * if it is unspecified. So far, we use the IANA default auf 514.
- */
-static char *getFwdSyslogPt(instanceData *pData)
-{
- assert(pData != NULL);
- if(pData->port == NULL)
- return("514");
- else
- return(pData->port);
-}
-
/* try to resume connection if it is not ready
* rgerhards, 2007-08-02
@@ -914,8 +453,9 @@ CODESTARTdoAction
}
}
} else {
- /* forward via TCP */
- if(TCPSend(pData, psz, l) != 0) {
+ int ret;
+ ret = TCPSend(pData, psz, l, pData->tcp_framing, TCPSendInit, TCPSendFrame, TCPSendPrepRetry);
+ if(ret != RS_RET_OK) {
/* error! */
dbgprintf("error forwarding via tcp, suspending\n");
pData->eDestState = eDestFORW_SUSP;
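Review bot: Both new TCPSend call sites (this one in doAction and the one in the onSelectReadyWrite hunk that follows) pass `pData->tcp_framing` unconditionally, whereas the TCPSend removed from this file forced `TCP_FRAMING_OCTET_COUNTING` for any message starting with 'z', because compressed data may contain LF. The shared TCPSend is not visible here, so please confirm it still applies that override; if it does not, a compressed record sent with octet-stuffing framing can be split or merged at the receiver and the forwarded log stream is no longer reliable. A comment at the call such as `/* TCPSend itself switches to octet-counting for compressed ('z') records */` would record where that guarantee lives. Separately, `int ret` would read better as `rsRetVal ret` (assuming TCPSend now returns rsRetVal, as the comparison with `RS_RET_OK` suggests), and the dbgprintf could include the code so a suspended destination can be diagnosed. doAction begins and ends outside this hunk.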
@@ -1107,8 +647,8 @@ CODESTARTonSelectReadyWrite
TCPSendSetStatus(pData, TCP_SEND_READY);
/* Send stored message (if any) */
if(pData->savedMsg != NULL) {
- if(TCPSend(pData, pData->savedMsg,
- pData->savedMsgLen) != 0) {
+ if(TCPSend(pData, pData->savedMsg, pData->savedMsgLen, pData->tcp_framing,
+ TCPSendInit, TCPSendFrame, TCPSendPrepRetry) != RS_RET_OK) {
/* error! */
pData->eDestState = eDestFORW_SUSP;
errno = 0;
@@ -1142,52 +682,10 @@ CODEqueryEtryPt_STD_OMOD_QUERIES
ENDqueryEtryPt
-#ifdef USE_GSSAPI
-static rsRetVal setGSSMode(void __attribute__((unused)) *pVal, uchar *mode)
-{
- if (!strcmp((char *) mode, "none")) {
- gss_mode = GSSMODE_NONE;
- free(mode);
- dbgprintf("GSS-API gssmode set to GSSMODE_NONE\n");
- } else if (!strcmp((char *) mode, "integrity")) {
- gss_mode = GSSMODE_MIC;
- free(mode);
- dbgprintf("GSS-API gssmode set to GSSMODE_MIC\n");
- } else if (!strcmp((char *) mode, "encryption")) {
- gss_mode = GSSMODE_ENC;
- free(mode);
- dbgprintf("GSS-API gssmode set to GSSMODE_ENC\n");
- } else {
- logerrorSz("unknown gssmode parameter: %s", (char *) mode);
- free(mode);
- return RS_RET_ERR;
- }
-
- return RS_RET_OK;
-}
-
-
-static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal)
-{
- gss_mode = GSSMODE_NONE;
- if (gss_base_service_name != NULL) {
- free(gss_base_service_name);
- gss_base_service_name = NULL;
- }
- return RS_RET_OK;
-}
-#endif /* #ifdef USE_GSSAPI */
-
-
BEGINmodInit(Fwd)
CODESTARTmodInit
*ipIFVersProvided = 1; /* so far, we only support the initial definition */
CODEmodInit_QueryRegCFSLineHdlr
-# ifdef USE_GSSAPI
- CHKiRet(omsdRegCFSLineHdlr((uchar *)"gssforwardservicename", 0, eCmdHdlrGetWord, NULL, &gss_base_service_name, STD_LOADABLE_MODULE_ID));
- CHKiRet(omsdRegCFSLineHdlr((uchar *)"gssmode", 0, eCmdHdlrGetWord, setGSSMode, &gss_mode, STD_LOADABLE_MODULE_ID));
- CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
-# endif
ENDmodInit
#endif /* #ifdef SYSLOG_INET */
diff --git a/plugins/omgssapi/Makefile.am b/plugins/omgssapi/Makefile.am
new file mode 100644
index 0000000..9fa6a24
--- /dev/null
+++ b/plugins/omgssapi/Makefile.am
@@ -0,0 +1,6 @@
+pkglib_LTLIBRARIES = omgssapi.la
+
+omgssapi_la_SOURCES = omgssapi.c ../../module-template.h
+omgssapi_la_CPPFLAGS = $(pgsql_cflags) -I$(srcdir)/../..
+omgssapi_la_LDFLAGS = -module -avoid-version
+omgssapi_la_LIBADD = $(gss_libs)
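Review bot: `omgssapi_la_CPPFLAGS` pulls in `$(pgsql_cflags)`, which looks carried over from a database plugin's Makefile.am; the include list of omgssapi.c shown later in this diff has `<gssapi/gssapi.h>` but no PostgreSQL header. An unrelated include path on the compile line can shadow headers and makes the module's real build inputs harder to audit, so I would reduce it to `omgssapi_la_CPPFLAGS = -I$(srcdir)/../..`. If the GSS-API headers need a compile flag on some platform, it should come from a dedicated configure variable; only `gss_libs` is visible here.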
diff --git a/plugins/omgssapi/Makefile.in b/plugins/omgssapi/Makefile.in
new file mode 100644
index 0000000..240ffb5
--- /dev/null
+++ b/plugins/omgssapi/Makefile.in
@@ -0,0 +1,487 @@
+# Makefile.in generated by automake 1.10 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = plugins/omgssapi
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(pkglibdir)"
+pkglibLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(pkglib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+omgssapi_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am_omgssapi_la_OBJECTS = omgssapi_la-omgssapi.lo
+omgssapi_la_OBJECTS = $(am_omgssapi_la_OBJECTS)
+omgssapi_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(omgssapi_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(omgssapi_la_SOURCES)
+DIST_SOURCES = $(omgssapi_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+HAVE_MYSQL_CONFIG = @HAVE_MYSQL_CONFIG@
+HAVE_PGSQL_CONFIG = @HAVE_PGSQL_CONFIG@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dl_libs = @dl_libs@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gss_libs = @gss_libs@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+mysql_cflags = @mysql_cflags@
+mysql_libs = @mysql_libs@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+pgsql_cflags = @pgsql_cflags@
+pgsql_libs = @pgsql_libs@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pthreads_cflags = @pthreads_cflags@
+pthreads_libs = @pthreads_libs@
+rt_libs = @rt_libs@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+zlib_libs = @zlib_libs@
+pkglib_LTLIBRARIES = omgssapi.la
+omgssapi_la_SOURCES = omgssapi.c ../../module-template.h
+omgssapi_la_CPPFLAGS = $(pgsql_cflags) -I$(srcdir)/../..
+omgssapi_la_LDFLAGS = -module -avoid-version
+omgssapi_la_LIBADD = $(gss_libs)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu plugins/omgssapi/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu plugins/omgssapi/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-pkglibLTLIBRARIES: $(pkglib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(pkglibdir)" || $(MKDIR_P) "$(DESTDIR)$(pkglibdir)"
+ @list='$(pkglib_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=install $(pkglibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(pkglibdir)/$$f'"; \
+ $(LIBTOOL) --mode=install $(pkglibLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(pkglibdir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-pkglibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkglib_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(pkglibdir)/$$p'"; \
+ $(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(pkglibdir)/$$p"; \
+ done
+
+clean-pkglibLTLIBRARIES:
+ -test -z "$(pkglib_LTLIBRARIES)" || rm -f $(pkglib_LTLIBRARIES)
+ @list='$(pkglib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+omgssapi.la: $(omgssapi_la_OBJECTS) $(omgssapi_la_DEPENDENCIES)
+ $(omgssapi_la_LINK) -rpath $(pkglibdir) $(omgssapi_la_OBJECTS) $(omgssapi_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/omgssapi_la-omgssapi.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+omgssapi_la-omgssapi.lo: omgssapi.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(omgssapi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT omgssapi_la-omgssapi.lo -MD -MP -MF $(DEPDIR)/omgssapi_la-omgssapi.Tpo -c -o omgssapi_la-omgssapi.lo `test -f 'omgssapi.c' || echo '$(srcdir)/'`omgssapi.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/omgssapi_la-omgssapi.Tpo $(DEPDIR)/omgssapi_la-omgssapi.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='omgssapi.c' object='omgssapi_la-omgssapi.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(omgssapi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o omgssapi_la-omgssapi.lo `test -f 'omgssapi.c' || echo '$(srcdir)/'`omgssapi.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) ' { files[$$0] = 1; } \
+ END { for (i in files) print i; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(pkglibdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pkglibLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-exec-am: install-pkglibLTLIBRARIES
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pkglibLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-pkglibLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-pkglibLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-pkglibLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/plugins/omgssapi/omgssapi.c b/plugins/omgssapi/omgssapi.c
new file mode 100644
index 0000000..97b8bd5
--- /dev/null
+++ b/plugins/omgssapi/omgssapi.c
@@ -0,0 +1,771 @@
+/* omgssapi.c
+ * This is the implementation of the build-in forwarding output module.
+ *
+ * NOTE: read comments in module-template.h to understand how this file
+ * works!
+ *
+ * Copyright 2007 Rainer Gerhards and Adiscon GmbH.
+ *
+ * This file is part of rsyslog.
+ *
+ * Rsyslog is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Rsyslog is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Rsyslog. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * A copy of the GPL can be found in the file "COPYING" in this distribution.
+ */
+#include "config.h"
+#ifdef USE_GSSAPI
+#include "rsyslog.h"
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <fnmatch.h>
+#include <assert.h>
+#include <errno.h>
+#include <ctype.h>
+#include <unistd.h>
+#ifdef USE_NETZIP
+#include <zlib.h>
+#endif
+#include <pthread.h>
+#include <gssapi/gssapi.h>
+#include "syslogd.h"
+#include "syslogd-types.h"
+#include "srUtils.h"
+#include "net.h"
+#include "omfwd.h"
+#include "template.h"
+#include "msg.h"
+#include "tcpsyslog.h"
+#include "cfsysline.h"
+#include "module-template.h"
+#include "gss-misc.h"
+
+#define INET_SUSPEND_TIME 60 /* equal to 1 minute */
+ /* rgerhards, 2005-07-26: This was 3 minutes. As the
+ * same timer is used for tcp based syslog, we have
+ * reduced it. However, it might actually be worth
+ * thinking about a buffered tcp sender, which would be
+ * a much better alternative. When that happens, this
+ * time here can be re-adjusted to 3 minutes (or,
+ * even better, made configurable).
+ */
+#define INET_RETRY_MAX 30 /* maximum of retries for gethostbyname() */
+ /* was 10, changed to 30 because we reduced INET_SUSPEND_TIME by one third. So
+ * this "fixes" some of implications of it (see comment on INET_SUSPEND_TIME).
+ * rgerhards, 2005-07-26
+ */
+
+/* internal structures
+ */
+DEF_OMOD_STATIC_DATA
+
+typedef struct _instanceData {
+ char f_hname[MAXHOSTNAMELEN+1];
+ short sock; /* file descriptor */
+ enum { /* TODO: we shoud revisit these definitions */
+ eDestFORW,
+ eDestFORW_SUSP,
+ eDestFORW_UNKN
+ } eDestState;
+ int iRtryCnt;
+ struct addrinfo *f_addr;
+ int compressionLevel; /* 0 - no compression, else level for zlib */
+ char *port;
+ char *savedMsg;
+ int savedMsgLen; /* length of savedMsg in octets */
+ TCPFRAMINGMODE tcp_framing;
+ enum TCPSendStatus {
+ TCP_SEND_NOTCONNECTED = 0,
+ TCP_SEND_CONNECTING = 1,
+ TCP_SEND_READY = 2
+ } status;
+ time_t ttSuspend; /* time selector was suspended */
+ gss_ctx_id_t gss_context;
+ OM_uint32 gss_flags;
+# ifdef USE_PTHREADS
+ pthread_mutex_t mtxTCPSend;
+# endif
+} instanceData;
+
+static char *gss_base_service_name = NULL;
+static enum gss_mode_t {
+ GSSMODE_MIC,
+ GSSMODE_ENC
+} gss_mode = GSSMODE_ENC;
+
+/* get the syslog forward port from selector_t. The passed in
+ * struct must be one that is setup for forwarding.
+ * rgerhards, 2007-06-28
+ * We may change the implementation to try to lookup the port
+ * if it is unspecified. So far, we use the IANA default auf 514.
+ */
+char *getFwdSyslogPt(instanceData *pData)
+{
+ assert(pData != NULL);
+ if(pData->port == NULL)
+ return("514");
+ else
+ return(pData->port);
+}
+
+/* get send status
+ * rgerhards, 2005-10-24
+ */
+static void TCPSendSetStatus(instanceData *pData, enum TCPSendStatus iNewState)
+{
+ assert(pData != NULL);
+ assert( (iNewState == TCP_SEND_NOTCONNECTED)
+ || (iNewState == TCP_SEND_CONNECTING)
+ || (iNewState == TCP_SEND_READY));
+
+ /* there can potentially be a race condition, so guard by mutex */
+# ifdef USE_PTHREADS
+ pthread_mutex_lock(&pData->mtxTCPSend);
+# endif
+ pData->status = iNewState;
+# ifdef USE_PTHREADS
+ pthread_mutex_unlock(&pData->mtxTCPSend);
+# endif
+}
+
+
+/* get send status
+ * rgerhards, 2005-10-24
+ */
+static enum TCPSendStatus TCPSendGetStatus(instanceData *pData)
+{
+ enum TCPSendStatus eState;
+ assert(pData != NULL);
+
+ /* there can potentially be a race condition, so guard by mutex */
+# ifdef USE_PTHREADS
+ pthread_mutex_lock(&pData->mtxTCPSend);
+# endif
+ eState = pData->status;
+# ifdef USE_PTHREADS
+ pthread_mutex_unlock(&pData->mtxTCPSend);
+# endif
+
+ return eState;
+}
+
+
+BEGINcreateInstance
+CODESTARTcreateInstance
+ENDcreateInstance
+
+
+BEGINisCompatibleWithFeature
+CODESTARTisCompatibleWithFeature
+ if(eFeat == sFEATURERepeatedMsgReduction)
+ iRet = RS_RET_OK;
+ENDisCompatibleWithFeature
+
+
+BEGINfreeInstance
+OM_uint32 maj_stat, min_stat;
+CODESTARTfreeInstance
+ switch (pData->eDestState) {
+ case eDestFORW:
+ case eDestFORW_SUSP:
+ freeaddrinfo(pData->f_addr);
+ /* fall through */
+ case eDestFORW_UNKN:
+ if(pData->port != NULL)
+ free(pData->port);
+ break;
+ }
+
+ if (pData->gss_context != GSS_C_NO_CONTEXT) {
+ maj_stat = gss_delete_sec_context(&min_stat, &pData->gss_context, GSS_C_NO_BUFFER);
+ if (maj_stat != GSS_S_COMPLETE)
+ display_status("deleting context", maj_stat, min_stat);
+ }
+ /* this is meant to be done when module is unloaded,
+ but since this module is static...
+ */
+ if (gss_base_service_name != NULL) {
+ free(gss_base_service_name);
+ gss_base_service_name = NULL;
+ }
+
+# ifdef USE_PTHREADS
+ /* delete any mutex objects, if present */
+ pthread_mutex_destroy(&pData->mtxTCPSend);
+# endif
+ /* final cleanup */
+ if(pData->sock >= 0)
+ close(pData->sock);
+ENDfreeInstance
+
+
+BEGINdbgPrintInstInfo
+CODESTARTdbgPrintInstInfo
+ printf("%s", pData->f_hname);
+ENDdbgPrintInstInfo
+
+
+/* CODE FOR SENDING TCP MESSAGES */
+
+/* This function is called immediately before a send retry is attempted.
+ * It shall clean up whatever makes sense.
+ * rgerhards, 2007-12-28
+ */
+static rsRetVal TCPSendGSSPrepRetry(void __attribute__((unused)) *pData)
+{
+ /* in case of TCP/GSS, there is nothing to do */
+ return RS_RET_OK;
+}
+
+
+static rsRetVal TCPSendGSSInit(void *pvData)
+{
+ DEFiRet;
+ int s = -1;
+ char *base;
+ OM_uint32 maj_stat, min_stat, init_sec_min_stat, *sess_flags, ret_flags;
+ gss_buffer_desc out_tok, in_tok;
+ gss_buffer_t tok_ptr;
+ gss_name_t target_name;
+ gss_ctx_id_t *context;
+ instanceData *pData = (instanceData *) pvData;
+
+ assert(pData != NULL);
+
+ /* if the socket is already initialized, we are done */
+ if(pData->sock > 0)
+ ABORT_FINALIZE(RS_RET_OK);
+
+ base = (gss_base_service_name == NULL) ? "host" : gss_base_service_name;
+ out_tok.length = strlen(pData->f_hname) + strlen(base) + 2;
+ if ((out_tok.value = malloc(out_tok.length)) == NULL) {
+ ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
+ }
+ strcpy(out_tok.value, base);
+ strcat(out_tok.value, "@");
+ strcat(out_tok.value, pData->f_hname);
+ dbgprintf("GSS-API service name: %s\n", (char*) out_tok.value);
+
+ tok_ptr = GSS_C_NO_BUFFER;
+ context = &pData->gss_context;
+ *context = GSS_C_NO_CONTEXT;
+
+ maj_stat = gss_import_name(&min_stat, &out_tok, GSS_C_NT_HOSTBASED_SERVICE, &target_name);
+ free(out_tok.value);
+ out_tok.value = NULL;
+ out_tok.length = 0;
+
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("parsing name", maj_stat, min_stat);
+ goto fail;
+ }
+
+ sess_flags = &pData->gss_flags;
+ *sess_flags = GSS_C_MUTUAL_FLAG;
+ if (gss_mode == GSSMODE_MIC) {
+ *sess_flags |= GSS_C_INTEG_FLAG;
+ }
+ if (gss_mode == GSSMODE_ENC) {
+ *sess_flags |= GSS_C_CONF_FLAG;
+ }
+ dbgprintf("GSS-API requested context flags:\n");
+ display_ctx_flags(*sess_flags);
+
+ do {
+ maj_stat = gss_init_sec_context(&init_sec_min_stat, GSS_C_NO_CREDENTIAL, context,
+ target_name, GSS_C_NO_OID, *sess_flags, 0, NULL,
+ tok_ptr, NULL, &out_tok, &ret_flags, NULL);
+ if (tok_ptr != GSS_C_NO_BUFFER)
+ free(in_tok.value);
+
+ if (maj_stat != GSS_S_COMPLETE
+ && maj_stat != GSS_S_CONTINUE_NEEDED) {
+ display_status("initializing context", maj_stat, init_sec_min_stat);
+ goto fail;
+ }
+
+ if (s == -1)
+ if ((s = pData->sock = TCPSendCreateSocket(pData->f_addr)) == -1)
+ goto fail;
+
+ if (out_tok.length != 0) {
+ dbgprintf("GSS-API Sending init_sec_context token (length: %ld)\n", (long) out_tok.length);
+ if (send_token(s, &out_tok) < 0) {
+ goto fail;
+ }
+ }
+ gss_release_buffer(&min_stat, &out_tok);
+
+ if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+ dbgprintf("GSS-API Continue needed...\n");
+ if (recv_token(s, &in_tok) <= 0) {
+ goto fail;
+ }
+ tok_ptr = &in_tok;
+ }
+ } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+ dbgprintf("GSS-API Provided context flags:\n");
+ *sess_flags = ret_flags;
+ display_ctx_flags(*sess_flags);
+
+ dbgprintf("GSS-API Context initialized\n");
+ gss_release_name(&min_stat, &target_name);
+
+finalize_it:
+ return iRet;
+
+ fail:
+ logerror("GSS-API Context initialization failed\n");
+ gss_release_name(&min_stat, &target_name);
+ gss_release_buffer(&min_stat, &out_tok);
+ if (*context != GSS_C_NO_CONTEXT) {
+ gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
+ *context = GSS_C_NO_CONTEXT;
+ }
+ if (s != -1)
+ close(s);
+ pData->sock = -1;
+ return RS_RET_GSS_SENDINIT_ERROR;
+}
+
+
+static rsRetVal TCPSendGSSSend(void *pvData, char *msg, size_t len)
+{
+ int s;
+ gss_ctx_id_t *context;
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc in_buf, out_buf;
+ instanceData *pData = (instanceData *) pvData;
+
+ assert(pData != NULL);
+ assert(msg != NULL);
+ assert(len > 0);
+
+ s = pData->sock;
+ context = &pData->gss_context;
+ in_buf.value = msg;
+ in_buf.length = len;
+ maj_stat = gss_wrap(&min_stat, *context, (gss_mode == GSSMODE_ENC) ? 1 : 0, GSS_C_QOP_DEFAULT,
+ &in_buf, NULL, &out_buf);
+ if (maj_stat != GSS_S_COMPLETE) {
+ display_status("wrapping message", maj_stat, min_stat);
+ goto fail;
+ }
+
+ if (send_token(s, &out_buf) < 0) {
+ goto fail;
+ }
+ gss_release_buffer(&min_stat, &out_buf);
+
+ return RS_RET_OK;
+
+ fail:
+ close(s);
+ pData->sock = -1;
+ gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
+ *context = GSS_C_NO_CONTEXT;
+ gss_release_buffer(&min_stat, &out_buf);
+ dbgprintf("message not (GSS/tcp)send");
+ return RS_RET_GSS_SEND_ERROR;
+}
+
+
+/* try to resume connection if it is not ready
+ * rgerhards, 2007-08-02
+ */
+static rsRetVal doTryResume(instanceData *pData)
+{
+ DEFiRet;
+ struct addrinfo *res;
+ struct addrinfo hints;
+ unsigned e;
+
+ switch (pData->eDestState) {
+ case eDestFORW_SUSP:
+ iRet = RS_RET_OK; /* the actual check happens during doAction() only */
+ pData->eDestState = eDestFORW;
+ break;
+
+ case eDestFORW_UNKN:
+ /* The remote address is not yet known and needs to be obtained */
+ dbgprintf(" %s\n", pData->f_hname);
+ memset(&hints, 0, sizeof(hints));
+ /* port must be numeric, because config file syntax requests this */
+ /* TODO: this code is a duplicate from cfline() - we should later create
+ * a common function.
+ */
+ hints.ai_flags = AI_NUMERICSERV;
+ hints.ai_family = family;
+ hints.ai_socktype = SOCK_STREAM;
+ if((e = getaddrinfo(pData->f_hname,
+ getFwdSyslogPt(pData), &hints, &res)) == 0) {
+ dbgprintf("%s found, resuming.\n", pData->f_hname);
+ pData->f_addr = res;
+ pData->iRtryCnt = 0;
+ pData->eDestState = eDestFORW;
+ } else {
+ iRet = RS_RET_SUSPENDED;
+ }
+ break;
+ case eDestFORW:
+ /* rgerhards, 2007-09-11: this can not happen, but I've included it to
+ * a) make the compiler happy, b) detect any logic errors */
+ assert(0);
+ break;
+ }
+
+ return iRet;
+}
+
+
+BEGINtryResume
+CODESTARTtryResume
+ iRet = doTryResume(pData);
+ENDtryResume
+
+BEGINdoAction
+ char *psz; /* temporary buffering */
+ register unsigned l;
+CODESTARTdoAction
+ switch (pData->eDestState) {
+ case eDestFORW_SUSP:
+ dbgprintf("internal error in omgssapi.c, eDestFORW_SUSP in doAction()!\n");
+ iRet = RS_RET_SUSPENDED;
+ break;
+
+ case eDestFORW_UNKN:
+ dbgprintf("doAction eDestFORW_UNKN\n");
+ iRet = doTryResume(pData);
+ break;
+
+ case eDestFORW:
+ dbgprintf(" %s:%s/%s\n", pData->f_hname, getFwdSyslogPt(pData), "tcp-gssapi");
+ pData->ttSuspend = time(NULL);
+ psz = (char*) ppString[0];
+ l = strlen((char*) psz);
+ if (l > MAXLINE)
+ l = MAXLINE;
+
+# ifdef USE_NETZIP
+ /* Check if we should compress and, if so, do it. We also
+ * check if the message is large enough to justify compression.
+ * The smaller the message, the less likely is a gain in compression.
+ * To save CPU cycles, we do not try to compress very small messages.
+ * What "very small" means needs to be configured. Currently, it is
+ * hard-coded but this may be changed to a config parameter.
+ * rgerhards, 2006-11-30
+ */
+ if(pData->compressionLevel && (l > MIN_SIZE_FOR_COMPRESS)) {
+ Bytef out[MAXLINE+MAXLINE/100+12] = "z";
+ uLongf destLen = sizeof(out) / sizeof(Bytef);
+ uLong srcLen = l;
+ int ret;
+ ret = compress2((Bytef*) out+1, &destLen, (Bytef*) psz,
+ srcLen, pData->compressionLevel);
+ dbgprintf("Compressing message, length was %d now %d, return state %d.\n",
+ l, (int) destLen, ret);
+ if(ret != Z_OK) {
+ /* if we fail, we complain, but only in debug mode
+ * Otherwise, we are silent. In any case, we ignore the
+ * failed compression and just sent the uncompressed
+ * data, which is still valid. So this is probably the
+ * best course of action.
+ * rgerhards, 2006-11-30
+ */
+ dbgprintf("Compression failed, sending uncompressed message\n");
+ } else if(destLen+1 < l) {
+ /* only use compression if there is a gain in using it! */
+ dbgprintf("there is gain in compression, so we do it\n");
+ psz = (char*) out;
+ l = destLen + 1; /* take care for the "z" at message start! */
+ }
+ ++destLen;
+ }
+# endif
+
+ CHKiRet_Hdlr(TCPSend(pData, psz, l, pData->tcp_framing, TCPSendGSSInit, TCPSendGSSSend, TCPSendGSSPrepRetry)) {
+ /* error! */
+ dbgprintf("error forwarding via tcp, suspending\n");
+ pData->eDestState = eDestFORW_SUSP;
+ iRet = RS_RET_SUSPENDED;
+ }
+ break;
+ }
+ENDdoAction
+
+
+BEGINparseSelectorAct
+ uchar *q;
+ int i;
+ int error;
+ int bErr;
+ struct addrinfo hints, *res;
+CODESTARTparseSelectorAct
+CODE_STD_STRING_REQUESTparseSelectorAct(1)
+ /* first check if this config line is actually for us
+ * The first test [*p == '>'] can be skipped if a module shall only
+ * support the newer slection syntax [:modname:]. This is in fact
+ * recommended for new modules. Please note that over time this part
+ * will be handled by rsyslogd itself, but for the time being it is
+ * a good compromise to do it at the module level.
+ * rgerhards, 2007-10-15
+ */
+
+ if(!strncmp((char*) p, ":omgssapi:", sizeof(":omgssapi:") - 1)) {
+ p += sizeof(":omgssapi:") - 1; /* eat indicator sequence (-1 because of '\0'!) */
+ } else {
+ ABORT_FINALIZE(RS_RET_CONFLINE_UNPROCESSED);
+ }
+
+ /* ok, if we reach this point, we have something for us */
+ if((iRet = createInstance(&pData)) != RS_RET_OK)
+ goto finalize_it;
+
+# ifdef USE_PTHREADS
+ pthread_mutex_init(&pData->mtxTCPSend, 0);
+# endif
+
+ /* we are now after the protocol indicator. Now check if we should
+ * use compression. We begin to use a new option format for this:
+ * @(option,option)host:port
+ * The first option defined is "z[0..9]" where the digit indicates
+ * the compression level. If it is not given, 9 (best compression) is
+ * assumed. An example action statement might be:
+ * @@(z5,o)127.0.0.1:1400
+ * Which means send via TCP with medium (5) compresion (z) to the local
+ * host on port 1400. The '0' option means that octet-couting (as in
+ * IETF I-D syslog-transport-tls) is to be used for framing (this option
+ * applies to TCP-based syslog only and is ignored when specified with UDP).
+ * That is not yet implemented.
+ * rgerhards, 2006-12-07
+ */
+ if(*p == '(') {
+ /* at this position, it *must* be an option indicator */
+ do {
+ ++p; /* eat '(' or ',' (depending on when called) */
+ /* check options */
+ if(*p == 'z') { /* compression */
+# ifdef USE_NETZIP
+ ++p; /* eat */
+ if(isdigit((int) *p)) {
+ int iLevel;
+ iLevel = *p - '0';
+ ++p; /* eat */
+ pData->compressionLevel = iLevel;
+ } else {
+ logerrorInt("Invalid compression level '%c' specified in "
+ "forwardig action - NOT turning on compression.",
+ *p);
+ }
+# else
+ logerror("Compression requested, but rsyslogd is not compiled "
+ "with compression support - request ignored.");
+# endif /* #ifdef USE_NETZIP */
+ } else if(*p == 'o') { /* octet-couting based TCP framing? */
+ ++p; /* eat */
+ /* no further options settable */
+ pData->tcp_framing = TCP_FRAMING_OCTET_COUNTING;
+ } else { /* invalid option! Just skip it... */
+ logerrorInt("Invalid option %c in forwarding action - ignoring.", *p);
+ ++p; /* eat invalid option */
+ }
+ /* the option processing is done. We now do a generic skip
+ * to either the next option or the end of the option
+ * block.
+ */
+ while(*p && *p != ')' && *p != ',')
+ ++p; /* just skip it */
+ } while(*p && *p == ','); /* Attention: do.. while() */
+ if(*p == ')')
+ ++p; /* eat terminator, on to next */
+ else
+ /* we probably have end of string - leave it for the rest
+ * of the code to handle it (but warn the user)
+ */
+ logerror("Option block not terminated in gssapi forward action.");
+ }
+ /* extract the host first (we do a trick - we replace the ';' or ':' with a '\0')
+ * now skip to port and then template name. rgerhards 2005-07-06
+ */
+ for(q = p ; *p && *p != ';' && *p != ':' ; ++p)
+ /* JUST SKIP */;
+
+ pData->port = NULL;
+ if(*p == ':') { /* process port */
+ uchar * tmp;
+
+ *p = '\0'; /* trick to obtain hostname (later)! */
+ tmp = ++p;
+ for(i=0 ; *p && isdigit((int) *p) ; ++p, ++i)
+ /* SKIP AND COUNT */;
+ pData->port = malloc(i + 1);
+ if(pData->port == NULL) {
+ logerror("Could not get memory to store syslog forwarding port, "
+ "using default port, results may not be what you intend\n");
+ /* we leave f_forw.port set to NULL, this is then handled by
+ * getFwdSyslogPt().
+ */
+ } else {
+ memcpy(pData->port, tmp, i);
+ *(pData->port + i) = '\0';
+ }
+ }
+
+ /* now skip to template */
+ bErr = 0;
+ while(*p && *p != ';') {
+ if(*p && *p != ';' && !isspace((int) *p)) {
+ if(bErr == 0) { /* only 1 error msg! */
+ bErr = 1;
+ errno = 0;
+ logerror("invalid selector line (port), probably not doing "
+ "what was intended");
+ }
+ }
+ ++p;
+ }
+
+ /* TODO: make this if go away! */
+ if(*p == ';') {
+ *p = '\0'; /* trick to obtain hostname (later)! */
+ strcpy(pData->f_hname, (char*) q);
+ *p = ';';
+ } else
+ strcpy(pData->f_hname, (char*) q);
+
+ /* process template */
+ if((iRet = cflineParseTemplateName(&p, *ppOMSR, 0, OMSR_NO_RQD_TPL_OPTS, (uchar*) " StdFwdFmt"))
+ != RS_RET_OK)
+ goto finalize_it;
+
+ /* first set the pData->eDestState */
+ memset(&hints, 0, sizeof(hints));
+ /* port must be numeric, because config file syntax requests this */
+ hints.ai_flags = AI_NUMERICSERV;
+ hints.ai_family = family;
+ hints.ai_socktype = SOCK_STREAM;
+ if( (error = getaddrinfo(pData->f_hname, getFwdSyslogPt(pData), &hints, &res)) != 0) {
+ pData->eDestState = eDestFORW_UNKN;
+ pData->iRtryCnt = INET_RETRY_MAX;
+ pData->ttSuspend = time(NULL);
+ } else {
+ pData->eDestState = eDestFORW;
+ pData->f_addr = res;
+ }
+
+ /* TODO: do we need to call freeInstance if we failed - this is a general question for
+ * all output modules. I'll address it lates as the interface evolves. rgerhards, 2007-07-25
+ */
+CODE_STD_FINALIZERparseSelectorAct
+ENDparseSelectorAct
+
+
+BEGINneedUDPSocket
+CODESTARTneedUDPSocket
+ iRet = RS_RET_FALSE;
+ENDneedUDPSocket
+
+
+BEGINonSelectReadyWrite
+CODESTARTonSelectReadyWrite
+ dbgprintf("tcp send socket %d ready for writing.\n", pData->sock);
+ TCPSendSetStatus(pData, TCP_SEND_READY);
+ /* Send stored message (if any) */
+ if(pData->savedMsg != NULL) {
+ if(TCPSend(pData, pData->savedMsg, pData->savedMsgLen, pData->tcp_framing,
+ TCPSendGSSInit, TCPSendGSSSend, TCPSendGSSPrepRetry) != RS_RET_OK) {
+ /* error! */
+ pData->eDestState = eDestFORW_SUSP;
+ errno = 0;
+ logerror("error forwarding via tcp, suspending...");
+ }
+ free(pData->savedMsg);
+ pData->savedMsg = NULL;
+ }
+ENDonSelectReadyWrite
+
+
+BEGINgetWriteFDForSelect
+CODESTARTgetWriteFDForSelect
+ if( (pData->eDestState == eDestFORW)
+ && TCPSendGetStatus(pData) == TCP_SEND_CONNECTING) {
+ *fd = pData->sock;
+ iRet = RS_RET_OK;
+ }
+ENDgetWriteFDForSelect
+
+
+
+
+BEGINmodExit
+CODESTARTmodExit
+ENDmodExit
+
+
+BEGINqueryEtryPt
+CODESTARTqueryEtryPt
+CODEqueryEtryPt_STD_OMOD_QUERIES
+ENDqueryEtryPt
+
+
+/* set a new GSSMODE based on config directive */
+static rsRetVal setGSSMode(void __attribute__((unused)) *pVal, uchar *mode)
+{
+ if (!strcmp((char *) mode, "integrity")) {
+ gss_mode = GSSMODE_MIC;
+ free(mode);
+ dbgprintf("GSS-API gssmode set to GSSMODE_MIC\n");
+ } else if (!strcmp((char *) mode, "encryption")) {
+ gss_mode = GSSMODE_ENC;
+ free(mode);
+ dbgprintf("GSS-API gssmode set to GSSMODE_ENC\n");
+ } else {
+ logerrorSz("unknown gssmode parameter: %s", (char *) mode);
+ free(mode);
+ return RS_RET_ERR;
+ }
+
+ return RS_RET_OK;
+}
+
+
+static rsRetVal resetConfigVariables(uchar __attribute__((unused)) *pp, void __attribute__((unused)) *pVal)
+{
+ gss_mode = GSSMODE_ENC;
+ if (gss_base_service_name != NULL) {
+ free(gss_base_service_name);
+ gss_base_service_name = NULL;
+ }
+ return RS_RET_OK;
+}
+
+
+BEGINmodInit()
+CODESTARTmodInit
+ *ipIFVersProvided = 1; /* so far, we only support the initial definition */
+CODEmodInit_QueryRegCFSLineHdlr
+ CHKiRet(omsdRegCFSLineHdlr((uchar *)"gssforwardservicename", 0, eCmdHdlrGetWord, NULL, &gss_base_service_name, STD_LOADABLE_MODULE_ID));
+ CHKiRet(omsdRegCFSLineHdlr((uchar *)"gssmode", 0, eCmdHdlrGetWord, setGSSMode, &gss_mode, STD_LOADABLE_MODULE_ID));
+ CHKiRet(omsdRegCFSLineHdlr((uchar *)"resetconfigvariables", 1, eCmdHdlrCustomHandler, resetConfigVariables, NULL, STD_LOADABLE_MODULE_ID));
+ENDmodInit
+
+#endif /* #ifdef USE_GSSAPI */
+/*
+ * vi:set ai:
+ */
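Review bot: TCPSendGSSInit never checks that the established context actually provides what was requested: after the `gss_init_sec_context` loop it overwrites `pData->gss_flags` with `ret_flags` without comparing the two, and TCPSendGSSSend passes `NULL` for the `conf_state` output of `gss_wrap`. With `gssmode` set to `encryption`, a mechanism or peer that grants only integrity would therefore have log messages wrapped without confidentiality and nothing would report it; the same gap applies to `GSS_C_MUTUAL_FLAG`. I would fail the setup when a requested flag is missing from `ret_flags`, and fail the send when encryption was requested but `conf_state` comes back zero, as sketched below. Separately, parseSelectorAct copies the host part of the config line with `strcpy(pData->f_hname, (char*) q)` into a `MAXHOSTNAMELEN+1` buffer with no length check; rejecting the line when `strlen((char*) q) > MAXHOSTNAMELEN` before the copy would close that.

```c
	/* in TCPSendGSSInit, directly after the loop */
	} while (maj_stat == GSS_S_CONTINUE_NEEDED);

	/* *sess_flags still holds the requested flags at this point */
	if ((ret_flags & *sess_flags) != *sess_flags) {
		logerror("GSS-API context does not provide the requested protection\n");
		goto fail;
	}
	/* … unchanged: flag debug output, gss_release_name … */

	/* in TCPSendGSSSend */
	int conf_state = 0;
	/* … unchanged: other locals, asserts, in_buf setup … */
	maj_stat = gss_wrap(&min_stat, *context, (gss_mode == GSSMODE_ENC) ? 1 : 0, GSS_C_QOP_DEFAULT,
			    &in_buf, &conf_state, &out_buf);
	/* … unchanged: maj_stat check … */
	if (gss_mode == GSSMODE_ENC && !conf_state) {
		dbgprintf("GSS-API wrap did not apply confidentiality, not sending\n");
		goto fail;
	}
```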
diff --git a/rsyslog.h b/rsyslog.h
index c08c5db..330b9a4 100644
--- a/rsyslog.h
+++ b/rsyslog.h
@@ -69,6 +69,10 @@ enum rsRetVal_ /** return value. All methods return this if not specified oth
RS_RET_INVALID_SOURCE = -2019, /**< source (address) invalid for some reason */
RS_RET_ADDRESS_UNKNOWN = -2020, /**< an address is unknown - not necessarily an error */
RS_RET_MALICIOUS_ENTITY = -2021, /**< there is an malicious entity involved */
+ RS_RET_TCP_SEND_ERROR = -2023, /**< error during TCP send process */
+ RS_RET_GSS_SEND_ERROR = -2024, /**< error during GSS (via TCP) send process */
+ RS_RET_TCP_SOCKCREATE_ERR = -2025, /**< error during creation of TCP socket */
+ RS_RET_GSS_SENDINIT_ERROR = -2024, /**< error during GSS (via TCP) send initialization process */
RS_RET_OK_DELETE_LISTENTRY = 1, /**< operation successful, but callee requested the deletion of an entry (special state) */
RS_RET_OK = 0 /**< operation successful */
};
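Review bot: `RS_RET_GSS_SENDINIT_ERROR` is given the value -2024, which the line two above already assigns to `RS_RET_GSS_SEND_ERROR`, so a failed context setup and a failed send become indistinguishable to any caller or log that compares return codes. C accepts duplicate enumerator values, so the compiler will not flag this. It should get its own number, e.g. `RS_RET_GSS_SENDINIT_ERROR = -2026,` provided that value is unused in the part of the enum outside this hunk. The sequence also skips -2022, which may be intentional.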
diff --git a/syslogd.c b/syslogd.c
index 3c37b99..c562b4e 100644
--- a/syslogd.c
+++ b/syslogd.c
@@ -311,19 +311,6 @@
#endif
-/* IPv6 compatibility layer for older platforms
- * We need to handle a few things different if we are running
- * on an older platform which does not support all the glory
- * of IPv6. We try to limit toll on features and reliability,
- * but obviously it is better to run rsyslog on a platform that
- * supports everything...
- * rgerhards, 2007-06-22
- */
-#ifndef AI_NUMERICSERV
-# define AI_NUMERICSERV 0
-#endif
-
-
static uchar *ConfFile = (uchar*) _PATH_LOGCONF; /* read-only after startup */
static char *PidFile = _PATH_LOGPID; /* read-only after startup */
static uchar *pModDir = NULL; /* read-only after startup */
diff --git a/tcpsyslog.c b/tcpsyslog.c
index 1891505..c769310 100644
--- a/tcpsyslog.c
+++ b/tcpsyslog.c
@@ -43,7 +43,7 @@
#include <fcntl.h>
#endif
#if defined(SYSLOG_INET) && defined(USE_GSSAPI)
-#include <gssapi.h>
+#include <gssapi/gssapi.h>
#endif
#include "syslogd.h"
#include "syslogd-types.h"
@@ -420,7 +420,9 @@ int TCPSessAccept(int fd)
uchar fromHost[NI_MAXHOST];
uchar fromHostFQDN[NI_MAXHOST];
char *pBuf;
+#ifdef USE_GSSAPI
char allowedMethods = 0;
+#endif
newConn = accept(fd, (struct sockaddr*) &addr, &addrlen);
if (newConn < 0) {
@@ -983,6 +985,282 @@ void TCPSessGSSDeinit(void) {
* ### END OF SYSLOG/TCP CODE ###
********************************************************************/
+/* ----------------------------------------------------------------- *
+ * CODE THAT SHALL GO INTO ITS OWN MODULE (SENDING) *
+ * ----------------------------------------------------------------- */
+
+/* Initialize TCP sockets (for sender)
+ * This is done once per selector line, if not yet initialized.
+ */
+int TCPSendCreateSocket(struct addrinfo *addrDest)
+{
+ int fd;
+ struct addrinfo *r;
+
+ r = addrDest;
+
+ while(r != NULL) {
+ fd = socket(r->ai_family, r->ai_socktype, r->ai_protocol);
+ if (fd != -1) {
+ /* We can not allow the TCP sender to block syslogd, at least
+ * not in a single-threaded design. That would cause rsyslogd to
+ * loose input messages - which obviously also would affect
+ * other selector lines, too. So we do set it to non-blocking and
+ * handle the situation ourselfs (by discarding messages). IF we run
+ * dual-threaded, however, the situation is different: in this case,
+ * the receivers and the selector line processing are only loosely
+ * coupled via a memory buffer. Now, I think, we can afford the extra
+ * wait time. Thus, we enable blocking mode for TCP if we compile with
+ * pthreads. -- rgerhards, 2005-10-25
+ * And now, we always run on multiple threads... -- rgerhards, 2007-12-20
+ */
+ if (connect (fd, r->ai_addr, r->ai_addrlen) != 0) {
+ if(errno == EINPROGRESS) {
+ /* this is normal - will complete later select */
+ return fd;
+ } else {
+ char errStr[1024];
+ dbgprintf("create tcp connection failed, reason %s",
+ strerror_r(errno, errStr, sizeof(errStr)));
+ }
+
+ }
+ else {
+ return fd;
+ }
+ close(fd);
+ }
+ else {
+ char errStr[1024];
+ dbgprintf("couldn't create send socket, reason %s", strerror_r(errno, errStr, sizeof(errStr)));
+ }
+ r = r->ai_next;
+ }
+
+ dbgprintf("no working socket could be obtained");
+
+ return -1;
+}
+
+
+
+/* Build frame based on selected framing
+ * This function was created by pulling code from TCPSend()
+ * on 2007-12-27 by rgerhards. Older comments are still relevant.
+ *
+ * In order to support compressed messages via TCP, we must support an
+ * octet-counting based framing (LF may be part of the compressed message).
+ * We are now supporting the same mode that is available in IETF I-D
+ * syslog-transport-tls-05 (current at the time of this writing). This also
+ * eases things when we go ahead and implement that framing. I have now made
+ * available two cases where this framing is used: either by explitely
+ * specifying it in the config file or implicitely when sending a compressed
+ * message. In the later case, compressed and uncompressed messages within
+ * the same session have different framings. If it is explicitely set to
+ * octet-counting, only this framing mode is used within the session.
+ * rgerhards, 2006-12-07
+ */
+static rsRetVal TCPSendBldFrame(TCPFRAMINGMODE rqdFraming, char **pmsg, size_t *plen, int *pbMustBeFreed)
+{
+ DEFiRet;
+ TCPFRAMINGMODE framingToUse;
+ int bIsCompressed;
+ size_t len;
+ char *msg;
+ char *buf = NULL; /* if this is non-NULL, it MUST be freed before return! */
+
+ assert(plen != NULL);
+ assert(pbMustBeFreed != NULL);
+ assert(pmsg != NULL);
+
+ msg = *pmsg;
+ len = *plen;
+ bIsCompressed = *msg == 'z'; /* cache this, so that we can modify the message buffer */
+ /* select framing for this record. If we have a compressed record, we always need to
+ * use octet counting because the data potentially contains all control characters
+ * including LF.
+ */
+ framingToUse = bIsCompressed ? TCP_FRAMING_OCTET_COUNTING : rqdFraming;
+
+ /* now check if we need to add a line terminator. We need to
+ * copy the string in memory in this case, this is probably
+ * quicker than using writev and definitely quicker than doing
+ * two socket calls.
+ * rgerhards 2005-07-22
+ *
+ * Some messages already contain a \n character at the end
+ * of the message. We append one only if we there is not
+ * already one. This seems the best fit, though this also
+ * means the message does not arrive unaltered at the final
+ * destination. But in the spirit of legacy syslog, this is
+ * probably the best to do...
+ * rgerhards 2005-07-20
+ */
+
+ /* Build frame based on selected framing */
+ if(framingToUse == TCP_FRAMING_OCTET_STUFFING) {
+ if((*(msg+len-1) != '\n')) {
+ /* in the malloc below, we need to add 2 to the length. The
+ * reason is that we a) add one character and b) len does
+ * not take care of the '\0' byte. Up until today, it was just
+ * +1 , which caused rsyslogd to sometimes dump core.
+ * I have added this comment so that the logic is not accidently
+ * changed again. rgerhards, 2005-10-25
+ */
+ if((buf = malloc((len + 2) * sizeof(char))) == NULL) {
+ /* extreme mem shortage, try to solve
+ * as good as we can. No point in calling
+ * any alarms, they might as well run out
+ * of memory (the risk is very high, so we
+ * do NOT risk that). If we have a message of
+ * more than 1 byte (what I guess), we simply
+ * overwrite the last character.
+ * rgerhards 2005-07-22
+ */
+ if(len > 1) {
+ *(msg+len-1) = '\n';
+ } else {
+ /* we simply can not do anything in
+ * this case (its an error anyhow...).
+ */
+ }
+ } else {
+ /* we got memory, so we can copy the message */
+ memcpy(buf, msg, len); /* do not copy '\0' */
+ *(buf+len) = '\n';
+ *(buf+len+1) = '\0';
+ msg = buf; /* use new one */
+ ++len; /* care for the \n */
+ }
+ }
+ } else {
+ /* Octect-Counting
+ * In this case, we need to always allocate a buffer. This is because
+ * we need to put a header in front of the message text
+ */
+ char szLenBuf[16];
+ int iLenBuf;
+
+ /* important: the printf-mask is "%d<sp>" because there must be a
+ * space after the len!
+ *//* The chairs of the IETF syslog-sec WG have announced that it is
+ * consensus to do the octet count on the SYSLOG-MSG part only. I am
+ * now changing the code to reflect this. Hopefully, it will not change
+ * once again (there can no compatibility layer programmed for this).
+ * To be on the save side, I just comment the code out. I mark these
+ * comments with "IETF20061218".
+ * rgerhards, 2006-12-19
+ */
+ iLenBuf = snprintf(szLenBuf, sizeof(szLenBuf)/sizeof(char), "%d ", (int) len);
+ /* IETF20061218 iLenBuf =
+ snprintf(szLenBuf, sizeof(szLenBuf)/sizeof(char), "%d ", len + iLenBuf);*/
+
+ if((buf = malloc((len + iLenBuf) * sizeof(char))) == NULL) {
+ /* we are out of memory. This is an extreme situation. We do not
+ * call any alarm handlers because they most likely run out of mem,
+ * too. We are brave enough to call debug output, though. Other than
+ * that, there is nothing left to do. We can not sent the message (as
+ * in case of the other framing, because the message is incomplete.
+ * We could, however, send two chunks (header and text separate), but
+ * that would cause a lot of complexity in the code. So we think it
+ * is appropriate enough to just make sure we do not crash in this
+ * very unlikely case. For this, it is justified just to loose
+ * the message. Rgerhards, 2006-12-07
+ */
+ dbgprintf("Error: out of memory when building TCP octet-counted "
+ "frame. Message is lost, trying to continue.\n");
+ ABORT_FINALIZE(RS_RET_OUT_OF_MEMORY);
+ }
+
+ memcpy(buf, szLenBuf, iLenBuf); /* header */
+ memcpy(buf + iLenBuf, msg, len); /* message */
+ len += iLenBuf; /* new message size */
+ msg = buf; /* set message buffer */
+ }
+
+ /* frame building complete, on to actual sending */
+
+ *plen = len;
+ if(buf == NULL) {
+ /* msg not modified */
+ *pbMustBeFreed = 0;
+ } else {
+ *pmsg = msg;
+ *pbMustBeFreed = 1;
+ }
+
+finalize_it:
+ return iRet;
+}
+
+
+/* Sends a TCP message. It is first checked if the
+ * session is open and, if not, it is opened. Then the send
+ * is tried. If it fails, one silent re-try is made. If the send
+ * fails again, an error status (-1) is returned. If all goes well,
+ * 0 is returned. The TCP session is NOT torn down.
+ * For now, EAGAIN is ignored (causing message loss) - but it is
+ * hard to do something intelligent in this case. With this
+ * implementation here, we can not block and/or defer. Things are
+ * probably a bit better when we move to liblogging. The alternative
+ * would be to enhance the current select server with buffering and
+ * write descriptors. This seems not justified, given the expected
+ * short life span of this code (and the unlikeliness of this event).
+ * rgerhards 2005-07-06
+ * This function is now expected to stay. Libloging won't be used for
+ * that purpose. I have added the param "len", because it is known by the
+ * caller and so saves us some time. Also, it MUST be given because there
+ * may be NULs inside msg so that we can not rely on strlen(). Please note
+ * that the restrictions outlined above do not existin in multi-threaded
+ * mode, which we assume will now be most often used. So there is no
+ * real issue with the potential message loss in single-threaded builds.
+ * rgerhards, 2006-11-30
+ * I greatly restructured the function to be more generic and work
+ * with function pointers. So it now can be used with any type of transport,
+ * as long as it follows stream semantics. This was initially done to
+ * support plain TCP and GSS via common code.
+ */
+int TCPSend(void *pData, char *msg, size_t len, TCPFRAMINGMODE rqdFraming,
+ rsRetVal (*initFunc)(void*),
+ rsRetVal (*sendFunc)(void*, char*, size_t),
+ rsRetVal (*prepRetryFunc)(void*))
+{
+ DEFiRet;
+ int bDone = 0;
+ int retry = 0;
+ int bMsgMustBeFreed = 0;/* must msg be freed at end of function? 0 - no, 1 - yes */
+
+ assert(pData != NULL);
+ assert(msg != NULL);
+ assert(len > 0);
+
+ CHKiRet(TCPSendBldFrame(rqdFraming, &msg, &len, &bMsgMustBeFreed));
+
+ while(!bDone) { /* loop is broken when send succeeds or error occurs */
+ CHKiRet(initFunc(pData));
+ iRet = sendFunc(pData, msg, len);
+
+ if(iRet == RS_RET_OK || retry > 0) {
+ /* we are done - either we succeeded or the retry failed */
+ bDone = 1;
+ } else { /* OK, one retry */
+ ++retry;
+ CHKiRet(prepRetryFunc(pData)); /* try to recover */
+ }
+ }
+
+finalize_it:
+ if(bMsgMustBeFreed)
+ free(msg);
+ return iRet;
+}
+
+
+/* ----------------------------------------------------------------- *
+ * END OF CODE THAT SHALL GO INTO ITS OWN MODULE *
+ * ----------------------------------------------------------------- */
+
+
/*
* vi:set ai:
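Review bot: In TCPSendCreateSocket both error branches pass the return value of `strerror_r()` straight to a `%s` in `dbgprintf`, which is only valid with the GNU variant that returns `char *`; the XSI variant returns `int`, and printing that with `%s` is undefined behaviour on the connection-failure path. Which variant is selected depends on feature-test macros that are not visible in this hunk, so this may work on a glibc build and crash elsewhere. A small helper that hides the difference and always returns the text would make both call sites safe, as sketched below.

```c
/* returns the message text for errnum with either strerror_r() variant */
static const char *tcpSendStrError(int errnum, char *buf, size_t lenBuf)
{
#if defined(__GLIBC__) && defined(_GNU_SOURCE)
	return strerror_r(errnum, buf, lenBuf);	/* GNU: returns the text, may ignore buf */
#else
	if(strerror_r(errnum, buf, lenBuf) != 0)	/* XSI: returns 0 or an error number */
		snprintf(buf, lenBuf, "error %d", errnum);
	return buf;
#endif
}

	/* in TCPSendCreateSocket, both error branches */
	dbgprintf("create tcp connection failed, reason %s",
		  tcpSendStrError(errno, errStr, sizeof(errStr)));
```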
diff --git a/tcpsyslog.h b/tcpsyslog.h
index a68e893..de818df 100644
--- a/tcpsyslog.h
+++ b/tcpsyslog.h
@@ -25,7 +25,7 @@
#define TCPSYSLOG_H_INCLUDED 1
#if defined(SYSLOG_INET) && defined(USE_GSSAPI)
-#include <gssapi.h>
+#include <gssapi/gssapi.h>
#endif
struct TCPSession {
@@ -73,6 +73,12 @@ void TCPSessGSSClose(int sess);
void TCPSessGSSDeinit(void);
#endif
+/* TCP Send support (shall go into its own module later) */
+int TCPSendCreateSocket(struct addrinfo *addrDest);
+int TCPSend(void *pData, char *msg, size_t len, TCPFRAMINGMODE rqdFraming,
+ rsRetVal (*initFunc)(void*),
+ rsRetVal (*sendFunc)(void*, char*, size_t),
+ rsRetVal (*prepRetryFunc)(void*));
#endif /* #ifndef TCPSYSLOG_H_INCLUDED */
/*
* vi:set ai: