authorMichael Biebl <biebl@debian.org>2008-03-29 12:14:47 +0100
committerMichael Biebl <biebl@debian.org>2008-03-29 12:14:47 +0100
commit9a7c5b2414911cfe8919b9f376cfc047259081b7 (patch)
tree11052b804d3eb489bab2c90c94c41fdd90732eda
parent12e8c69354614a03f06a8617f25d145ab091f504 (diff)
downloadrsyslog-9a7c5b2414911cfe8919b9f376cfc047259081b7.tar.gz
Imported Upstream version 1.21.0upstream/1.21.0
-rw-r--r--ChangeLog7
-rw-r--r--config.h.in5
-rwxr-xr-xconfigure76
-rw-r--r--configure.ac7
-rw-r--r--doc/features.html1
-rw-r--r--doc/rsconf1_includeconfig.html3
-rw-r--r--doc/status.html8
-rw-r--r--gss-misc.c10
-rw-r--r--omfwd.c7
-rw-r--r--rsyslog.h4
-rw-r--r--sync.h8
-rw-r--r--syslogd.c145
-rw-r--r--syslogd.h3
-rw-r--r--tcpsyslog.c215
-rw-r--r--tcpsyslog.h6
15 files changed, 360 insertions, 145 deletions
diff --git a/ChangeLog b/ChangeLog
index 358e43a..c1f2606 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,11 @@
---------------------------------------------------------------------------
+Version 1.21.0 (rgerhards), 2007-12-19
+- GSS-API support for syslog/TCP connections was added. Thanks to
+ varmojfekoj for providing the patch with this functionality
+- code cleanup
+- enhanced $IncludeConfig directive to support wildcard filenames
+- changed some multithreading synchronization
+---------------------------------------------------------------------------
Version 1.20.1 (rgerhards), 2007-12-12
- corrected a debug setting that survived release. Caused TCP connections
to be retried unnecessarily often.
diff --git a/config.h.in b/config.h.in
index ff5364b..61c5edd 100644
--- a/config.h.in
+++ b/config.h.in
@@ -290,6 +290,11 @@
/* Version number of package */
#undef VERSION
+/* Enable GNU extensions on systems that have them. */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif
+
/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
<pthread.h>, or <semaphore.h> is not used. If the typedef was allowed, the
#define below would cause a syntax error. */
diff --git a/configure b/configure
index 15c9145..f10852f 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for rsyslog 1.20.1.
+# Generated by GNU Autoconf 2.61 for rsyslog 1.21.0.
#
# Report bugs to <rsyslog@lists.adiscon.com.>.
#
@@ -728,8 +728,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='rsyslog'
PACKAGE_TARNAME='rsyslog'
-PACKAGE_VERSION='1.20.1'
-PACKAGE_STRING='rsyslog 1.20.1'
+PACKAGE_VERSION='1.21.0'
+PACKAGE_STRING='rsyslog 1.21.0'
PACKAGE_BUGREPORT='rsyslog@lists.adiscon.com.'
ac_unique_file="syslogd.c"
@@ -1407,7 +1407,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures rsyslog 1.20.1 to adapt to many kinds of systems.
+\`configure' configures rsyslog 1.21.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1477,7 +1477,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of rsyslog 1.20.1:";;
+ short | recursive ) echo "Configuration of rsyslog 1.21.0:";;
esac
cat <<\_ACEOF
@@ -1591,7 +1591,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-rsyslog configure 1.20.1
+rsyslog configure 1.21.0
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1605,7 +1605,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by rsyslog $as_me 1.20.1, which was
+It was created by rsyslog $as_me 1.21.0, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2295,7 +2295,7 @@ fi
# Define the identity of the package.
PACKAGE='rsyslog'
- VERSION='1.20.1'
+ VERSION='1.21.0'
cat >>confdefs.h <<_ACEOF
@@ -2445,6 +2445,13 @@ am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
ac_config_headers="$ac_config_headers config.h"
+
+cat >>confdefs.h <<\_ACEOF
+#define _GNU_SOURCE 1
+_ACEOF
+
+
+
# Checks for programs.
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -4473,7 +4480,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 4476 "configure"' > conftest.$ac_ext
+ echo '#line 4483 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -7216,11 +7223,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7219: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7226: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7223: \$? = $ac_status" >&5
+ echo "$as_me:7230: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -7506,11 +7513,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7509: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7516: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:7513: \$? = $ac_status" >&5
+ echo "$as_me:7520: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -7610,11 +7617,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:7613: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:7620: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:7617: \$? = $ac_status" >&5
+ echo "$as_me:7624: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -9961,7 +9968,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 9964 "configure"
+#line 9971 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -10061,7 +10068,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
-#line 10064 "configure"
+#line 10071 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -12481,11 +12488,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:12484: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:12491: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:12488: \$? = $ac_status" >&5
+ echo "$as_me:12495: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -12585,11 +12592,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:12588: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:12595: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:12592: \$? = $ac_status" >&5
+ echo "$as_me:12599: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -14149,11 +14156,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14152: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:14159: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:14156: \$? = $ac_status" >&5
+ echo "$as_me:14163: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -14253,11 +14260,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:14256: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:14263: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:14260: \$? = $ac_status" >&5
+ echo "$as_me:14267: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -16442,11 +16449,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16445: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16452: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16449: \$? = $ac_status" >&5
+ echo "$as_me:16456: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16732,11 +16739,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16735: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16742: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:16739: \$? = $ac_status" >&5
+ echo "$as_me:16746: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -16836,11 +16843,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:16839: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:16846: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:16843: \$? = $ac_status" >&5
+ echo "$as_me:16850: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -23682,9 +23689,6 @@ echo "${ECHO_T}$ac_cv_header_gssapi_gssapi_h" >&6; }
fi
if test $ac_cv_header_gssapi_gssapi_h = yes; then
- { { echo "$as_me:$LINENO: error: GSS-API not ready for primt time yet -- wait for next release" >&5
-echo "$as_me: error: GSS-API not ready for primt time yet -- wait for next release" >&2;}
- { (exit 1); exit 1; }; };
cat >>confdefs.h <<\_ACEOF
#define USE_GSSAPI
@@ -24976,7 +24980,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by rsyslog $as_me 1.20.1, which was
+This file was extended by rsyslog $as_me 1.21.0, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -25029,7 +25033,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-rsyslog config.status 1.20.1
+rsyslog config.status 1.21.0
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff --git a/configure.ac b/configure.ac
index 5485683..0039eac 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,10 +2,12 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.61)
-AC_INIT([rsyslog],[1.20.1],[rsyslog@lists.adiscon.com.])
+AC_INIT([rsyslog],[1.21.0],[rsyslog@lists.adiscon.com.])
AM_INIT_AUTOMAKE
AC_CONFIG_SRCDIR([syslogd.c])
-AC_CONFIG_HEADER([config.h])
+AC_CONFIG_HEADERS([config.h])
+
+AC_GNU_SOURCE
# Checks for programs.
AC_PROG_CC
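Review bot: `AC_GNU_SOURCE` is the pre-2.60 spelling; with `AC_PREREQ(2.61)` already in force, `AC_USE_SYSTEM_EXTENSIONS` is the current macro and also enables the non-GNU extension defines. The more important consequence of this hunk is that `_GNU_SOURCE` now comes only from config.h (the `#define` in rsyslog.h is removed by this same commit), so it takes effect solely in translation units that include config.h before any system header. A one-line comment next to the macro would make that invariant explicit for future modules: `# _GNU_SOURCE is provided via config.h; every .c must include config.h before any system header`.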
@@ -145,7 +147,6 @@ AC_ARG_ENABLE(gssapi_krb5,
if test $want_gssapi_krb5 = yes; then
AC_CHECK_LIB(gssapi_krb5, gss_acquire_cred, [
AC_CHECK_HEADER(gssapi/gssapi.h, [
- AC_MSG_ERROR(GSS-API not ready for primt time yet -- wait for next release);
AC_DEFINE(USE_GSSAPI,,
Define if you want to use GSSAPI)
gss_libs="-lgssapi_krb5"
diff --git a/doc/features.html b/doc/features.html
index e3685d1..2899cd7 100644
--- a/doc/features.html
+++ b/doc/features.html
@@ -46,6 +46,7 @@ is going on, you can also subscribe to the <a href="http://lists.adiscon.net/mai
directories. Includes are specified in the main configuration file<li>
supports multiple actions per selector/filter condition<li>
MySQL and Postgres SQL functionality as a dynamically loadable plug-in<li>
+ support for GSS-API<li>
modular design for outputs - easily extensible</ul>
<p>&nbsp;</p>
<h2>Upcoming Features</h2>
diff --git a/doc/rsconf1_includeconfig.html b/doc/rsconf1_includeconfig.html
index 155dcd4..cd8d8a5 100644
--- a/doc/rsconf1_includeconfig.html
+++ b/doc/rsconf1_includeconfig.html
@@ -32,6 +32,9 @@ with the /etc/rsyslog.conf file directly.</i></p>
<p><code><b>$IncludeConfig /etc/some-included-file.conf</b></code></p>
<p>Directories can also be included. To do so, the name must end on a slash:</p>
<p><code><b>$IncludeConfig /etc/rsyslog.d/</b></code></p>
+<p><code><b>And finally, only specific files matching a wildcard my be included
+from a directory:</b></code></p>
+<p><code><b>$IncludeConfig /etc/rsyslog.d/*.conf</b></code></p>
<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual
index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
diff --git a/doc/status.html b/doc/status.html
index b401a1e..f56422e 100644
--- a/doc/status.html
+++ b/doc/status.html
@@ -4,11 +4,11 @@
</head>
<body>
<h2>rsyslog status page</h2>
-<p>This page reflects the status as of 2007-12-07.</p>
+<p>This page reflects the status as of 2007-12-19.</p>
<h2>Current Releases</h2>
-<p><b>development:</b> 1.20.0 -
-<a href="http://www.rsyslog.com/Article145.phtml">change log</a> -
-<a href="http://www.rsyslog.com/Downloads-index-req-getit-lid-65.phtml">download</a></p>
+<p><b>development:</b> 1.21.0 -
+<a href="http://www.rsyslog.com/Article149.phtml">change log</a> -
+<a href="http://www.rsyslog.com/Downloads-index-req-getit-lid-67.phtml">download</a></p>
<p><b>stable:</b> 1.0.5 - <a href="http://www.rsyslog.com/Article85.phtml">change log</a> -
<a href="http://www.rsyslog.com/Downloads-index-req-getit-lid-39.phtml">download</a></p>
<p>&nbsp;(<a href="version_naming.html">How are versions named?</a>)</p>
diff --git a/gss-misc.c b/gss-misc.c
index 68197f0..7a09b1b 100644
--- a/gss-misc.c
+++ b/gss-misc.c
@@ -85,12 +85,12 @@ static int read_all(int fd, char *buf, unsigned int nbyte)
fd_set rfds;
struct timeval tv;
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
- tv.tv_sec = 1;
- tv.tv_usec = 0;
-
for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
+ FD_ZERO(&rfds);
+ FD_SET(fd, &rfds);
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+
if ((ret = select(FD_SETSIZE, &rfds, NULL, NULL, &tv)) <= 0
|| !FD_ISSET(fd, &rfds))
return ret;
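Review bot: The re-initialized `FD_SET(fd, &rfds)` still has no bound check, so a descriptor ≥ FD_SETSIZE writes past the fd_set — undefined behaviour that a daemon holding many TCP sessions can reach. Add a guard before the loop, `if (fd >= FD_SETSIZE) return -1;`, or replace select() with poll() which has no such limit. Note also that a select() timeout returns 0 here, which the caller cannot distinguish from the EOF case; read_all's body and its callers lie outside the hunk, so whether that matters depends on how the result is interpreted there.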
diff --git a/omfwd.c b/omfwd.c
index f21480b..d773b23 100644
--- a/omfwd.c
+++ b/omfwd.c
@@ -43,6 +43,9 @@
#include <errno.h>
#include <ctype.h>
#include <unistd.h>
+#ifdef USE_NETZIP
+#include <zlib.h>
+#endif
#ifdef USE_PTHREADS
#include <pthread.h>
#else
@@ -165,7 +168,7 @@ CODESTARTfreeInstance
OM_uint32 maj_stat, min_stat;
if (pData->gss_context != GSS_C_NO_CONTEXT) {
- maj_stat = gss_delete_sec_context(&min_stat, pData->gss_context, GSS_C_NO_BUFFER);
+ maj_stat = gss_delete_sec_context(&min_stat, &pData->gss_context, GSS_C_NO_BUFFER);
if (maj_stat != GSS_S_COMPLETE)
display_status("deleting context", maj_stat, min_stat);
}
@@ -1140,7 +1143,7 @@ ENDqueryEtryPt
#ifdef USE_GSSAPI
-static rsRetVal setGSSMode(void *pVal, uchar *mode)
+static rsRetVal setGSSMode(void __attribute__((unused)) *pVal, uchar *mode)
{
if (!strcmp((char *) mode, "none")) {
gss_mode = GSSMODE_NONE;
diff --git a/rsyslog.h b/rsyslog.h
index b6e17d5..c08c5db 100644
--- a/rsyslog.h
+++ b/rsyslog.h
@@ -24,10 +24,6 @@
# define _FILE_OFFSET_BITS 64
#endif
-#ifndef _GNU_SOURCE
-# define _GNU_SOURCE 1
-#endif
-
/* The error codes below are orginally "borrowed" from
* liblogging. As such, we reserve values up to -2999
* just in case we need to borrow something more ;)
diff --git a/sync.h b/sync.h
index 3637d45..95e7716 100644
--- a/sync.h
+++ b/sync.h
@@ -34,9 +34,9 @@
#define SYNC_OBJ_TOOL_INIT(x) SyncObjInit(&((x)->Sync_mut))
#define SYNC_OBJ_TOOL_EXIT(x) SyncObjExit(&((x)->Sync_mut))
-/* If we run in non-debug mode, we use inline code for the mutex
+/* If we run in non-debug (release) mode, we use inline code for the mutex
* operations. If we run in debug mode, we use functions, because they
- * are better to trace in the callframe.
+ * are better to trace in the stackframe.
*/
#ifdef NDEBUG
#define LockObj(x) pthread_mutex_lock((x)->Sync_mut)
@@ -53,8 +53,8 @@ extern void unlockObj(pthread_mutex_t *mut);
#else /* Code not to compile for threading support */
#define SYNC_OBJ_TOOL
-#define SYNC_OBJ_TOOL_INIT
-#define SYNC_OBJ_TOOL_EXIT
+#define SYNC_OBJ_TOOL_INIT(x)
+#define SYNC_OBJ_TOOL_EXIT(X)
#define LockObj(x)
#define UnlockObj(x)
#endif
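Review bot: `SYNC_OBJ_TOOL_EXIT(X)` names its parameter in upper case while every other macro in this file, including the `SYNC_OBJ_TOOL_INIT(x)` directly above it, uses `x`. The fix itself is right — the old parameterless forms would not have matched the `SYNC_OBJ_TOOL_INIT(x)` call shape in the threaded branch — but keep the naming uniform: `#define SYNC_OBJ_TOOL_EXIT(x)`.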
diff --git a/syslogd.c b/syslogd.c
index e9e822e..a7e0003 100644
--- a/syslogd.c
+++ b/syslogd.c
@@ -178,9 +178,10 @@
#include <netdb.h>
#include <fnmatch.h>
#include <dirent.h>
+#include <glob.h>
+#include <sys/types.h>
+#include <sys/stat.h>
-#ifndef __sun
-#endif
#include <arpa/nameser.h>
#include <arpa/inet.h>
#include <resolv.h>
@@ -192,10 +193,13 @@
#include <pthread.h>
#endif
-#if HAVE_PATHS_H
+#if HAVE_PATHS_H
#include <paths.h>
#endif
+#ifdef USE_NETZIP
+#include <zlib.h>
+#endif
/* handle some defines missing on more than one platform */
#ifndef SUN_LEN
@@ -639,6 +643,10 @@ static struct AllowedSenders *pAllowedSenders_UDP = NULL; /* the roots of the al
struct AllowedSenders *pAllowedSenders_TCP = NULL; /* lists. If NULL, all senders are ok! */
static struct AllowedSenders *pLastAllowedSenders_UDP = NULL; /* and now the pointers to the last */
static struct AllowedSenders *pLastAllowedSenders_TCP = NULL; /* element in the respective list */
+#ifdef USE_GSSAPI
+struct AllowedSenders *pAllowedSenders_GSS = NULL;
+static struct AllowedSenders *pLastAllowedSenders_GSS = NULL;
+#endif
#endif /* #ifdef SYSLOG_INET */
int option_DisallowWarning = 1; /* complain if message from disallowed sender is received */
@@ -936,12 +944,24 @@ static void PrintAllowedSenders(int iListToPrint)
struct AllowedSenders *pSender;
uchar szIP[64];
- assert((iListToPrint == 1) || (iListToPrint == 2));
+ assert((iListToPrint == 1) || (iListToPrint == 2)
+#ifdef USE_GSSAPI
+ || (iListToPrint == 3)
+#endif
+ );
printf("\nAllowed %s Senders:\n",
- (iListToPrint == 1) ? "UDP" : "TCP");
- pSender = (iListToPrint == 1) ?
- pAllowedSenders_UDP : pAllowedSenders_TCP;
+ (iListToPrint == 1) ? "UDP" :
+#ifdef USE_GSSAPI
+ (iListToPrint == 3) ? "GSS" :
+#endif
+ "TCP");
+
+ pSender = (iListToPrint == 1) ? pAllowedSenders_UDP :
+#ifdef USE_GSSAPI
+ (iListToPrint == 3) ? pAllowedSenders_GSS :
+#endif
+ pAllowedSenders_TCP;
if(pSender == NULL) {
printf("\tNo restrictions set.\n");
} else {
@@ -1064,7 +1084,6 @@ int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, c
if (MaskCmp (&(pAllow->allowedSender), pAllow->SignificantBits, pFrom, pszFromHost))
return 1;
}
- dbgprintf("%s is not an allowed sender\n", pszFromHost);
return 0;
}
#endif /* #ifdef SYSLOG_INET */
@@ -1625,7 +1644,7 @@ void getCurrTime(struct syslogTime *t)
static int usage(void)
{
fprintf(stderr, "usage: rsyslogd [-46AdhqQvw] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
- " [-s domainlist] [-r[port]] [-tport[,max-sessions]] [-f conffile] [-i pidfile] [-x]\n");
+ " [-s domainlist] [-r[port]] [-tport[,max-sessions]] [-gport[,max-sessions]] [-f conffile] [-i pidfile] [-x]\n");
exit(1); /* "good" exit - done to terminate usage() */
}
@@ -2212,13 +2231,6 @@ void printline(char *hname, char *msg, int bParseHost)
logmsg(pri, pMsg, SYNC_FILE);
- /* rgerhards 2004-11-11:
- * we are done with the message object. If it still is
- * stored somewhere, we can call discard anyhow. This
- * is handled via the reference count - see description
- * of msg_t for details.
- */
- MsgDestruct(pMsg);
return;
}
@@ -2272,7 +2284,6 @@ logmsgInternal(int pri, char *msg, int flags)
* message to the queue engine.
*/
logmsg(pri, pMsg, flags);
- MsgDestruct(pMsg);
}
#else
iminternalAddMsg(pri, pMsg, flags);
@@ -2816,7 +2827,7 @@ static void enqueueMsg(msg_t *pMsg)
goto unlock;
}
}
- queueAdd(fifo, MsgAddRef(pMsg));
+ queueAdd(fifo, pMsg);
unlock:
/* now activate the worker thread */
pthread_mutex_unlock(fifo->mut);
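Review bot: Dropping `MsgAddRef()` here changes the ownership contract — enqueueMsg now consumes the caller's reference, which is consistent with the `MsgDestruct()` calls this commit removes from printline, logmsgInternal and processImInternal. The `goto unlock` just above skips `queueAdd`; if that branch can be taken (its condition is outside the hunk), pMsg is now neither queued nor destructed and leaks, where before the caller's MsgDestruct covered it. Either add `MsgDestruct(pMsg);` before the goto, or document the contract on the function: `/* takes ownership of pMsg: it is either queued here or destructed on the bail-out path */`. enqueueMsg begins outside the hunk.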
@@ -3628,6 +3639,10 @@ static void die(int sig)
if(sockTCPLstn != NULL && *sockTCPLstn) {
deinit_tcp_listener();
}
+#ifdef USE_GSSAPI
+ if(bEnableTCP & ALLOWEDMETHOD_GSS)
+ TCPSessGSSDeinit();
+#endif
#endif
/* Clean-up files. */
@@ -3718,6 +3733,11 @@ static rsRetVal addAllowedSenderLine(char* pName, uchar** ppRestOfConfLine)
} else if(!strcasecmp(pName, "tcp")) {
ppRoot = &pAllowedSenders_TCP;
ppLast = &pLastAllowedSenders_TCP;
+#ifdef USE_GSSAPI
+ } else if(!strcasecmp(pName, "gss")) {
+ ppRoot = &pAllowedSenders_GSS;
+ ppLast = &pLastAllowedSenders_GSS;
+#endif
} else {
logerrorSz("Invalid protocol '%s' in allowed sender "
"list, line ignored", pName);
@@ -3846,24 +3866,44 @@ finalize_it:
static rsRetVal doIncludeLine(uchar **pp, __attribute__((unused)) void* pVal)
{
DEFiRet;
- uchar cfgFile[MAXFNAME];
+ char pattern[MAXFNAME];
+ uchar *cfgFile;
+ glob_t cfgFiles;
+ size_t i = 0;
+ struct stat fileInfo;
assert(pp != NULL);
assert(*pp != NULL);
- if(getSubString(pp, (char*) cfgFile, sizeof(cfgFile) / sizeof(uchar), ' ') != 0) {
+ if(getSubString(pp, (char*) pattern, sizeof(pattern) / sizeof(char), ' ') != 0) {
logerror("could not extract group name");
ABORT_FINALIZE(RS_RET_NOT_FOUND);
}
- if(*(cfgFile+strlen((char*) cfgFile) - 1) == '/') {
- dbgprintf("requested to include directory '%s'\n", cfgFile);
- iRet = doIncludeDirectory(cfgFile);
- } else {
- dbgprintf("Requested to include config file '%s'\n", cfgFile);
- iRet = processConfFile(cfgFile);
+ /* Use GLOB_MARK to append a trailing slash for directories.
+ * Required by doIncludeDirectory().
+ */
+ glob(pattern, GLOB_MARK, NULL, &cfgFiles);
+
+ for(i = 0; i < cfgFiles.gl_pathc; i++) {
+ cfgFile = (uchar*) cfgFiles.gl_pathv[i];
+
+ if(stat((char*) cfgFile, &fileInfo) != 0)
+ continue; /* continue with the next file if we can't stat() the file */
+
+ if(S_ISREG(fileInfo.st_mode)) { /* config file */
+ dbgprintf("requested to include config file '%s'\n", cfgFile);
+ iRet = processConfFile(cfgFile);
+ } else if(S_ISDIR(fileInfo.st_mode)) { /* config directory */
+ dbgprintf("requested to include directory '%s'\n", cfgFile);
+ iRet = doIncludeDirectory(cfgFile);
+ } else { /* TODO: shall we handle symlinks or not? */
+ dbgprintf("warning: unable to process IncludeConfig directive '%s'\n", cfgFile);
+ }
}
+ globfree(&cfgFiles);
+
finalize_it:
return iRet;
}
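Review bot: The return value of `glob()` is discarded, so GLOB_NOSPACE/GLOB_ABORTED are indistinguishable from a pattern that matched nothing, and an `$IncludeConfig` line naming a mistyped or missing file now silently includes nothing where the old code handed the name to processConfFile(). I would at least log it: `if(glob(pattern, GLOB_MARK, NULL, &cfgFiles) != 0) { logerrorSz("could not expand IncludeConfig pattern '%s'", pattern); ABORT_FINALIZE(RS_RET_NOT_FOUND); }` — whether a no-match should be fatal for a wildcard as opposed to a literal path is a policy decision, but it should not be invisible. Inside the loop iRet is overwritten on every iteration, so a failure in one file is masked by a later success. The `TODO: shall we handle symlinks` comment is already moot because stat() follows symlinks; only FIFOs, devices and sockets reach that branch, which is the right outcome for a config include and worth saying instead of the TODO.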
@@ -4201,6 +4241,9 @@ static void dbgPrintInitInfo(void)
/* now the allowedSender lists: */
PrintAllowedSenders(1); /* UDP */
PrintAllowedSenders(2); /* TCP */
+#ifdef USE_GSSAPI
+ PrintAllowedSenders(3); /* GSS */
+#endif
printf("\n");
#endif /* #ifdef SYSLOG_INET */
@@ -4354,9 +4397,19 @@ static void init(void)
clearAllowedSenders (pAllowedSenders_TCP);
pAllowedSenders_TCP = NULL;
}
+#ifdef USE_GSSAPI
+ if (pAllowedSenders_GSS != NULL) {
+ clearAllowedSenders (pAllowedSenders_GSS);
+ pAllowedSenders_GSS = NULL;
+ }
+#endif
}
- assert(pAllowedSenders_UDP == NULL && pAllowedSenders_TCP == NULL);
+ assert(pAllowedSenders_UDP == NULL && pAllowedSenders_TCP == NULL
+#ifdef USE_GSSAPI
+ && pAllowedSenders_GSS == NULL
+#endif
+ );
#endif
/* I was told by an IPv6 expert that calling getservbyname() seems to be
* still valid, at least for the use case we have. So I re-enabled that
@@ -4493,16 +4546,17 @@ static void init(void)
* user-selectable option. rgerhards, 2007-06-21
*/
# ifdef USE_GSSAPI
- if(bEnableTCP == 2) {
+ if(bEnableTCP & ALLOWEDMETHOD_GSS) {
if(TCPSessGSSInit()) {
logerror("GSS-API initialization failed\n");
- bEnableTCP = -1;
+ bEnableTCP &= ~(ALLOWEDMETHOD_GSS);
}
}
+ if(bEnableTCP)
# endif
- if((sockTCPLstn = create_tcp_socket()) != NULL) {
- dbgprintf("Opened %d syslog TCP port(s).\n", *sockTCPLstn);
- }
+ if((sockTCPLstn = create_tcp_socket()) != NULL) {
+ dbgprintf("Opened %d syslog TCP port(s).\n", *sockTCPLstn);
+ }
}
}
#endif
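Review bot: The new `if(bEnableTCP)` on the line before `# endif` is a brace-less if whose body is the re-indented `if((sockTCPLstn = create_tcp_socket()) ...` block on the other side of the preprocessor boundary; in a build without USE_GSSAPI the guard vanishes and the listener is created unconditionally, which is presumably only correct because the enclosing condition (outside the hunk) already tested bEnableTCP. Moving the guard below the `# endif` and bracing it removes the dependency on the preprocessor: `if(bEnableTCP) { /* may have been cleared above by a failed GSS-API init */`. The fallback itself is sound from a security standpoint — with only -g given, clearing ALLOWEDMETHOD_GSS leaves bEnableTCP at 0 and no listener is opened — and deserves a comment saying so. init() starts and ends outside the hunk.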
@@ -5538,7 +5592,6 @@ static void processImInternal(void)
while(iminternalRemoveMsg(&iPri, &pMsg, &iFlags) == RS_RET_OK) {
logmsg(iPri, pMsg, iFlags);
- MsgDestruct(pMsg);
}
}
@@ -5713,6 +5766,7 @@ static rsRetVal processSelectAfter(int maxfds, int nfds, fd_set *pReadfds, fd_se
(struct sockaddr *)&frominet, (char*)fromHostFQDN)) {
printchopped((char*)fromHost, line, l, finet[i+1], 1);
} else {
+ dbgprintf("%s is not an allowed sender\n", (char*)fromHostFQDN);
if(option_DisallowWarning) {
logerrorSz("UDP message from disallowed sender %s discarded",
(char*)fromHost);
@@ -5737,7 +5791,7 @@ static rsRetVal processSelectAfter(int maxfds, int nfds, fd_set *pReadfds, fd_se
if (FD_ISSET(sockTCPLstn[i+1], pReadfds)) {
dbgprintf("New connect on TCP inetd socket: #%d\n", sockTCPLstn[i+1]);
# ifdef USE_GSSAPI
- if(bEnableTCP == 2)
+ if(bEnableTCP & ALLOWEDMETHOD_GSS)
TCPSessGSSAccept(sockTCPLstn[i+1]);
else
# endif
@@ -5758,14 +5812,15 @@ static rsRetVal processSelectAfter(int maxfds, int nfds, fd_set *pReadfds, fd_se
/* Receive message */
# ifdef USE_GSSAPI
- if(bEnableTCP == 2)
+ int allowedMethods = pTCPSessions[iTCPSess].allowedMethods;
+ if(allowedMethods & ALLOWEDMETHOD_GSS)
state = TCPSessGSSRecv(iTCPSess, buf, sizeof(buf));
else
# endif
state = recv(fdSess, buf, sizeof(buf), 0);
if(state == 0) {
# ifdef USE_GSSAPI
- if(bEnableTCP == 2)
+ if(allowedMethods & ALLOWEDMETHOD_GSS)
TCPSessGSSClose(iTCPSess);
else {
# endif
@@ -5780,7 +5835,7 @@ static rsRetVal processSelectAfter(int maxfds, int nfds, fd_set *pReadfds, fd_se
logerrorInt("TCP session %d will be closed, error ignored\n",
fdSess);
# ifdef USE_GSSAPI
- if(bEnableTCP == 2)
+ if(allowedMethods & ALLOWEDMETHOD_GSS)
TCPSessGSSClose(iTCPSess);
else
# endif
@@ -5795,7 +5850,7 @@ static rsRetVal processSelectAfter(int maxfds, int nfds, fd_set *pReadfds, fd_se
"previous messages for reason(s)\n",
iTCPSess);
# ifdef USE_GSSAPI
- if(bEnableTCP == 2)
+ if(allowedMethods & ALLOWEDMETHOD_GSS)
TCPSessGSSClose(iTCPSess);
else
# endif
@@ -6121,6 +6176,11 @@ static void printVersion(void)
#else
printf("\tSYSLOG_INET (Internet/remote support):\tNo\n");
#endif
+#if defined(SYSLOG_INET) && defined(USE_GSSAPI)
+ printf("\tFEATURE_GSSAPI (GSSAPI Kerberos 5 support):\tYes\n");
+#else
+ printf("\tFEATURE_GSSAPI (GSSAPI Kerberos 5 support):\tNo\n");
+#endif
#ifndef NDEBUG
printf("\tFEATURE_DEBUG (debug build, slow code):\tYes\n");
#else
@@ -6267,8 +6327,9 @@ int main(int argc, char **argv)
break;
case 'g': /* enable tcp gssapi logging */
#if defined(SYSLOG_INET) && defined(USE_GSSAPI)
- configureTCPListen(optarg);
- bEnableTCP = 2;
+ if (!bEnableTCP)
+ configureTCPListen(optarg);
+ bEnableTCP |= ALLOWEDMETHOD_GSS;
#else
fprintf(stderr, "rsyslogd: -g not valid - not compiled with gssapi support");
#endif
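Review bot: With `if (!bEnableTCP) configureTCPListen(optarg);` the second of `-t`/`-g` on the command line has its port and max-sessions argument silently ignored — `-t514 -g6514` listens only on 514 — because both methods now share a single listener. Either reject a second port or warn about it: `else if (optarg != NULL) fprintf(stderr, "rsyslogd: -g: listener already configured, argument ignored\n");`, and the same in the `-t` branch below, which has the identical shape. Stating in usage() that -t and -g share one listener would make the new semantics discoverable.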
@@ -6326,7 +6387,9 @@ int main(int argc, char **argv)
break;
case 't': /* enable tcp logging */
#ifdef SYSLOG_INET
- configureTCPListen(optarg);
+ if (!bEnableTCP)
+ configureTCPListen(optarg);
+ bEnableTCP |= ALLOWEDMETHOD_TCP;
#else
fprintf(stderr, "rsyslogd: -t not valid - not compiled with network support");
#endif
diff --git a/syslogd.h b/syslogd.h
index c1d765e..aefe13b 100644
--- a/syslogd.h
+++ b/syslogd.h
@@ -24,8 +24,6 @@
#include "objomsr.h"
#ifdef USE_NETZIP
-#include <unistd.h>
-#include <zlib.h>
/* config param: minimum message size to try compression. The smaller
* the message, the less likely is any compression gain. We check for
* gain before we submit the message. But to do so we still need to
@@ -81,6 +79,7 @@ extern char **StripDomains;
extern char *LocalDomain;
extern int bDropMalPTRMsgs;
extern struct AllowedSenders *pAllowedSenders_TCP;
+extern struct AllowedSenders *pAllowedSenders_GSS;
extern char ctty[];
#endif /* #ifndef SYSLOGD_H_INCLUDED */
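Review bot: `extern struct AllowedSenders *pAllowedSenders_GSS;` is declared unconditionally while its definition in syslogd.c sits under `#ifdef USE_GSSAPI` in this same commit. That is harmless until a non-GSS build references the name and fails at link time instead of compile time; mirror the definition: `#ifdef USE_GSSAPI` / `extern struct AllowedSenders *pAllowedSenders_GSS;` / `#endif`.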
diff --git a/tcpsyslog.c b/tcpsyslog.c
index c259166..1891505 100644
--- a/tcpsyslog.c
+++ b/tcpsyslog.c
@@ -77,7 +77,7 @@ int *sockTCPLstn = NULL; /* read-only after startup, modified by restart */
struct TCPSession *pTCPSessions;
/* The thread-safeness of the sesion table is doubtful */
#ifdef USE_GSSAPI
-static gss_cred_id_t gss_server_creds;
+static gss_cred_id_t gss_server_creds = GSS_C_NO_CREDENTIAL;
char *gss_listen_service_name = NULL;
#endif
@@ -99,7 +99,6 @@ void configureTCPListen(char *cOptarg)
register char *pArg = cOptarg;
assert(cOptarg != NULL);
- bEnableTCP = -1; /* enable TCP listening */
/* extract port */
i = 0;
@@ -166,6 +165,7 @@ static int TCPSessInit(void)
#ifdef USE_GSSAPI
pTCPSessions[i].gss_flags = 0;
pTCPSessions[i].gss_context = GSS_C_NO_CONTEXT;
+ pTCPSessions[i].allowedMethods = 0;
#endif
}
return(0);
@@ -229,7 +229,7 @@ void deinit_tcp_listener(void)
close(fd);
free(pTCPSessions[iTCPSess].fromHost);
#ifdef USE_GSSAPI
- if(bEnableTCP == 2) {
+ if(bEnableTCP & ALLOWEDMETHOD_GSS) {
OM_uint32 maj_stat, min_stat;
maj_stat = gss_delete_sec_context(&min_stat, &pTCPSessions[iTCPSess].gss_context, GSS_C_NO_BUFFER);
if (maj_stat != GSS_S_COMPLETE)
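Review bot: The teardown still decides per listener (`bEnableTCP & ALLOWEDMETHOD_GSS`) whereas the receive path in syslogd.c now decides per session via `pTCPSessions[iTCPSess].allowedMethods`. With -t and -g both active, a session that reverted to plain TCP has `gss_context == GSS_C_NO_CONTEXT` and gss_delete_sec_context() is still called on it, which may surface as a spurious display_status() error depending on the GSS implementation. Use the per-session flag here as well, `if(pTCPSessions[iTCPSess].allowedMethods & ALLOWEDMETHOD_GSS) {`, or guard on `gss_context != GSS_C_NO_CONTEXT` as omfwd.c does in this commit. deinit_tcp_listener starts outside the hunk.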
@@ -420,6 +420,7 @@ int TCPSessAccept(int fd)
uchar fromHost[NI_MAXHOST];
uchar fromHostFQDN[NI_MAXHOST];
char *pBuf;
+ char allowedMethods = 0;
newConn = accept(fd, (struct sockaddr*) &addr, &addrlen);
if (newConn < 0) {
@@ -453,7 +454,21 @@ int TCPSessAccept(int fd)
* configured to do this).
* rgerhards, 2005-09-26
*/
- if(!isAllowedSender(pAllowedSenders_TCP, (struct sockaddr *)&addr, (char*)fromHostFQDN)) {
+#ifdef USE_GSSAPI
+ if((bEnableTCP & ALLOWEDMETHOD_TCP) &&
+ isAllowedSender(pAllowedSenders_TCP, (struct sockaddr *)&addr, (char*)fromHostFQDN))
+ allowedMethods |= ALLOWEDMETHOD_TCP;
+ if((bEnableTCP & ALLOWEDMETHOD_GSS) &&
+ isAllowedSender(pAllowedSenders_GSS, (struct sockaddr *)&addr, (char*)fromHostFQDN))
+ allowedMethods |= ALLOWEDMETHOD_GSS;
+ if(allowedMethods)
+ pTCPSessions[iSess].allowedMethods = allowedMethods;
+ else
+#else
+ if(!isAllowedSender(pAllowedSenders_TCP, (struct sockaddr *)&addr, (char*)fromHostFQDN))
+#endif
+ {
+ dbgprintf("%s is not an allowed sender\n", (char *) fromHostFQDN);
if(option_DisallowWarning) {
errno = 0;
logerrorSz("TCP message from disallowed sender %s discarded",
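Review bot: When -t and -g are both enabled and pAllowedSenders_TCP is NULL — which, per the comment at the list definitions, means every sender is allowed — every peer is granted ALLOWEDMETHOD_TCP alongside GSS, and TCPSessGSSAccept then reverts any session that stays silent or sends plaintext to unauthenticated TCP. GSS-API is therefore opportunistic rather than enforced in that configuration; that is a defensible design, but it should be stated here and in the docs: `/* NOTE: with -t and -g both active, a peer allowed for plain TCP may always skip GSS; use $AllowedSender TCP to restrict who may do so */`. Separately, the `else` before `#else` pairs with the `{` after `#endif`, a brace-less else split across a preprocessor conditional; computing an `int bRejected` inside the `#ifdef` and following `#endif` with one plain `if(bRejected) {` would keep the control flow visible in both builds. TCPSessAccept starts and ends outside the hunk.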
@@ -706,7 +721,10 @@ int TCPSessGSSInit(void)
gss_buffer_desc name_buf;
gss_name_t server_name;
OM_uint32 maj_stat, min_stat;
-
+
+ if (gss_server_creds != GSS_C_NO_CREDENTIAL)
+ return 0;
+
name_buf.value = (gss_listen_service_name == NULL) ? "host" : gss_listen_service_name;
name_buf.length = strlen(name_buf.value) + 1;
maj_stat = gss_import_name(&min_stat, &name_buf, GSS_C_NT_HOSTBASED_SERVICE, &server_name);
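Review bot: The new early return makes TCPSessGSSInit() safe to call again on re-init, but it relies on TCPSessGSSDeinit() releasing the credential through gss_release_cred(&gss_server_creds), which resets the handle to GSS_C_NO_CREDENTIAL; that code is outside this hunk, so please confirm, otherwise a deinit/init cycle would keep using a released handle. A short comment would pin the invariant: `/* already initialized (re-init after HUP); the handle is reset only by TCPSessGSSDeinit() */`.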
@@ -733,60 +751,159 @@ int TCPSessGSSAccept(int fd)
{
gss_buffer_desc send_tok, recv_tok;
gss_name_t client;
- gss_OID doid;
OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
int iSess;
gss_ctx_id_t *context;
OM_uint32 *sess_flags;
int fdSess;
+ char allowedMethods;
if ((iSess = TCPSessAccept(fd)) == -1)
return -1;
- context = &pTCPSessions[iSess].gss_context;
- *context = GSS_C_NO_CONTEXT;
- sess_flags = &pTCPSessions[iSess].gss_flags;
- fdSess = pTCPSessions[iSess].sock;
-
- do {
- if (recv_token(fdSess, &recv_tok) <= 0)
- return -1;
-
- maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, gss_server_creds,
- &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &client,
- NULL, &send_tok, sess_flags, NULL, NULL);
- if (recv_tok.value) {
- free(recv_tok.value);
- recv_tok.value = NULL;
- }
- if (send_tok.length != 0) {
- if (send_token(fdSess, &send_tok) < 0) {
+ allowedMethods = pTCPSessions[iSess].allowedMethods;
+ if (allowedMethods & ALLOWEDMETHOD_GSS) {
+ /* Buffer to store raw message in case that
+ * gss authentication fails halfway through.
+ */
+ char buf[MAXLINE];
+ int ret = 0;
+
+ dbgprintf("GSS-API Trying to accept TCP session %d\n", iSess);
+
+ fdSess = pTCPSessions[iSess].sock;
+ if (allowedMethods & ALLOWEDMETHOD_TCP) {
+ int len;
+ fd_set fds;
+ struct timeval tv;
+
+ do {
+ FD_ZERO(&fds);
+ FD_SET(fdSess, &fds);
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ ret = select(fdSess + 1, &fds, NULL, NULL, &tv);
+ } while (ret < 0 && errno == EINTR);
+ if (ret < 0) {
+ logerrorInt("TCP session %d will be closed, error ignored\n", iSess);
+ TCPSessClose(iSess);
return -1;
+ } else if (ret == 0) {
+ dbgprintf("GSS-API Reverting to plain TCP\n");
+ pTCPSessions[iSess].allowedMethods = ALLOWEDMETHOD_TCP;
+ return 0;
}
- gss_release_buffer(&min_stat, &send_tok);
- }
- if (maj_stat != GSS_S_COMPLETE
- && maj_stat != GSS_S_CONTINUE_NEEDED) {
- display_status("accepting context", maj_stat,
- acc_sec_min_stat);
- if (*context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&min_stat, context,
- GSS_C_NO_BUFFER);
- return -1;
- }
- } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+ do {
+ ret = recv(fdSess, buf, sizeof (buf), MSG_PEEK);
+ } while (ret < 0 && errno == EINTR);
+ if (ret <= 0) {
+ if (ret == 0)
+ dbgprintf("GSS-API Connection closed by peer\n");
+ else
+ logerrorInt("TCP session %d will be closed, error ignored\n", iSess);
+ TCPSessClose(iSess);
+ return -1;
+ }
- maj_stat = gss_display_name(&min_stat, client, &recv_tok, NULL);
- if (maj_stat != GSS_S_COMPLETE)
- display_status("displaying name", maj_stat, min_stat);
- gss_release_name(&min_stat, &client);
+ if (ret < 4) {
+ dbgprintf("GSS-API Reverting to plain TCP\n");
+ pTCPSessions[iSess].allowedMethods = ALLOWEDMETHOD_TCP;
+ return 0;
+ } else if (ret == 4) {
+ /* The client might has been interupted after sending
+ * the data length (4B), give him another chance.
+ */
+ sleep(1);
+ do {
+ ret = recv(fdSess, buf, sizeof (buf), MSG_PEEK);
+ } while (ret < 0 && errno == EINTR);
+ if (ret <= 0) {
+ if (ret == 0)
+ dbgprintf("GSS-API Connection closed by peer\n");
+ else
+ logerrorInt("TCP session %d will be closed, error ignored\n", iSess);
+ TCPSessClose(iSess);
+ return -1;
+ }
+ }
- dbgprintf("GSS-API Accepted connection from: %s\n", recv_tok.value);
- gss_release_buffer(&min_stat, &recv_tok);
+ len = ntohl((buf[0] << 24)
+ | (buf[1] << 16)
+ | (buf[2] << 8)
+ | buf[3]);
+ if ((ret - 4) < len || len == 0) {
+ dbgprintf("GSS-API Reverting to plain TCP\n");
+ pTCPSessions[iSess].allowedMethods = ALLOWEDMETHOD_TCP;
+ return 0;
+ }
+ }
- dbgprintf("GSS-API Provided context flags:\n");
- display_ctx_flags(*sess_flags);
+ context = &pTCPSessions[iSess].gss_context;
+ *context = GSS_C_NO_CONTEXT;
+ sess_flags = &pTCPSessions[iSess].gss_flags;
+ do {
+ if (recv_token(fdSess, &recv_tok) <= 0) {
+ logerrorInt("TCP session %d will be closed, error ignored\n", iSess);
+ TCPSessClose(iSess);
+ return -1;
+ }
+ maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, gss_server_creds,
+ &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &client,
+ NULL, &send_tok, sess_flags, NULL, NULL);
+ if (recv_tok.value) {
+ free(recv_tok.value);
+ recv_tok.value = NULL;
+ }
+ if (maj_stat != GSS_S_COMPLETE
+ && maj_stat != GSS_S_CONTINUE_NEEDED) {
+ gss_release_buffer(&min_stat, &send_tok);
+ if (*context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
+ if ((allowedMethods & ALLOWEDMETHOD_TCP) &&
+ (GSS_ROUTINE_ERROR(maj_stat) == GSS_S_DEFECTIVE_TOKEN)) {
+ dbgprintf("GSS-API Reverting to plain TCP\n");
+ dbgprintf("tcp session socket with new data: #%d\n", fdSess);
+ if(TCPSessDataRcvd(iSess, buf, ret) == 0) {
+ logerrorInt("Tearing down TCP Session %d - see "
+ "previous messages for reason(s)\n",
+ iSess);
+ TCPSessClose(iSess);
+ return -1;
+ }
+ pTCPSessions[iSess].allowedMethods = ALLOWEDMETHOD_TCP;
+ return 0;
+ }
+ display_status("accepting context", maj_stat,
+ acc_sec_min_stat);
+ TCPSessClose(iSess);
+ return -1;
+ }
+ if (send_tok.length != 0) {
+ if (send_token(fdSess, &send_tok) < 0) {
+ gss_release_buffer(&min_stat, &send_tok);
+ logerrorInt("TCP session %d will be closed, error ignored\n", iSess);
+ if (*context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&min_stat, context, GSS_C_NO_BUFFER);
+ TCPSessClose(iSess);
+ return -1;
+ }
+ gss_release_buffer(&min_stat, &send_tok);
+ }
+ } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+ maj_stat = gss_display_name(&min_stat, client, &recv_tok, NULL);
+ if (maj_stat != GSS_S_COMPLETE)
+ display_status("displaying name", maj_stat, min_stat);
+ else
+ dbgprintf("GSS-API Accepted connection from: %s\n", recv_tok.value);
+ gss_release_name(&min_stat, &client);
+ gss_release_buffer(&min_stat, &recv_tok);
+
+ dbgprintf("GSS-API Provided context flags:\n");
+ display_ctx_flags(*sess_flags);
+ pTCPSessions[iSess].allowedMethods = ALLOWEDMETHOD_GSS;
+ }
return 0;
}
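Review bot: The length decode `len = ntohl((buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]);` applies two conversions and uses a sign-extending `char`: the shift-or already assembles the big-endian prefix into a host-order value, so the extra `ntohl` byte-swaps it again on little-endian hosts, and any byte >= 0x80 sign-extends into the upper bits (`buf[0] << 24` on a negative value is undefined behaviour). Assuming the prefix is network byte order, as the surrounding `recv_token` path presumably expects, decode from unsigned bytes without `ntohl`: `const unsigned char *p = (const unsigned char *)buf; len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];` with `len` declared `uint32_t` and the bound written `(uint32_t)(ret - 4) < len`. Separately, the plain-TCP fallback after `GSS_S_DEFECTIVE_TOKEN` replays all `ret` peeked bytes through `TCPSessDataRcvd(iSess, buf, ret)` although `recv_token` consumed only `4 + len` of them, so any trailing bytes still queued on the socket would be processed a second time on the next receive; passing the consumed count avoids duplicated log records. Note also that the `sleep(1)` and the one-second `select` let a remote peer dictate how long the caller blocks; if this runs on the main accept loop, a client that sends exactly four bytes stalls every other session for that time.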
@@ -845,9 +962,19 @@ void TCPSessGSSClose(int iSess) {
display_status("deleting context", maj_stat, min_stat);
*context = GSS_C_NO_CONTEXT;
pTCPSessions[iSess].gss_flags = 0;
+ pTCPSessions[iSess].allowedMethods = 0;
TCPSessClose(iSess);
}
+
+
+void TCPSessGSSDeinit(void) {
+ OM_uint32 maj_stat, min_stat;
+
+ maj_stat = gss_release_cred(&min_stat, &gss_server_creds);
+ if (maj_stat != GSS_S_COMPLETE)
+ display_status("releasing credentials", maj_stat, min_stat);
+}
#endif /* #ifdef USE_GSSAPI */
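Review bot: `TCPSessGSSDeinit` leaves `gss_server_creds` in whatever state `gss_release_cred` returns it; on success the API resets the handle to `GSS_C_NO_CREDENTIAL`, but on failure it does not, and the new guard at the top of `TCPSessGSSInit` would then skip re-acquisition on the next init and keep using a released handle. Assign the handle explicitly after the call, `gss_server_creds = GSS_C_NO_CREDENTIAL;`, regardless of `maj_stat`, and document the function with `/* Release the server credentials acquired by TCPSessGSSInit(); safe to call when none were acquired. */`. The `TCPSessGSSClose` part of the hunk starts outside it.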
diff --git a/tcpsyslog.h b/tcpsyslog.h
index f8e2fa9..a68e893 100644
--- a/tcpsyslog.h
+++ b/tcpsyslog.h
@@ -39,6 +39,7 @@ struct TCPSession {
#if defined(SYSLOG_INET) && defined(USE_GSSAPI)
OM_uint32 gss_flags;
gss_ctx_id_t gss_context;
+ char allowedMethods;
#endif
};
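Review bot: The new `allowedMethods` field is a bitmask but is declared as a plain `char` with no comment, and `char` signedness is implementation-defined. Prefer `unsigned char allowedMethods; /* ALLOWEDMETHOD_* bits this peer passed the sender check for; set in TCPSessAccept, narrowed to the negotiated method by TCPSessGSSAccept */`, which also matches how the value is tested with `&` in tcpsyslog.c.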
@@ -49,8 +50,12 @@ extern int bEnableTCP;
extern struct TCPSession *pTCPSessions;
#if defined(SYSLOG_INET) && defined(USE_GSSAPI)
extern char *gss_listen_service_name;
+
+#define ALLOWEDMETHOD_GSS 2
#endif
+#define ALLOWEDMETHOD_TCP 1
+
/* prototypes */
void deinit_tcp_listener(void);
int *create_tcp_socket(void);
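Review bot: `ALLOWEDMETHOD_GSS` is only defined under `SYSLOG_INET && USE_GSSAPI`, while `ALLOWEDMETHOD_TCP` is unconditional; the first hunk of tcpsyslog.c tests `bEnableTCP & ALLOWEDMETHOD_GSS`, and unless every such use sits under the same guard a non-GSS build fails to compile. Defining both values unconditionally next to each other is harmless and simpler, and a comment is due now that `bEnableTCP` has changed meaning: `/* bEnableTCP and TCPSession.allowedMethods are bitmasks of these values */`.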
@@ -65,6 +70,7 @@ int TCPSessGSSInit(void);
int TCPSessGSSAccept(int fd);
int TCPSessGSSRecv(int fd, void *buf, size_t buf_len);
void TCPSessGSSClose(int sess);
+void TCPSessGSSDeinit(void);
#endif
#endif /* #ifndef TCPSYSLOG_H_INCLUDED */